[KNOX-933] PicketLink Provider must set Secure and HTTPOnly flags on Cookie - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.13.0
Component/s: Server
Labels:
- KIP-7

Description

The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, but fails to set the HttpOnly and Secure flags to true.

This provider is not really supported anymore and isn't even documented but we should make sure that all cookies have HttpOnly and Secure flags set. We should separately consider deprecating and removing this provider.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KNOX-933_master_v1.patch
11/May/17 11:41
1 kB
Krishna Pandey
KNOX-933_master_v2.patch
16/May/17 05:48
4 kB
Krishna Pandey

Activity

People

Assignee:: Krishna Pandey

Reporter:: Larry McCay

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 04/May/17 13:14

Updated:: 28/Mar/19 14:09

Resolved:: 20/May/17 17:43