Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-10286

JSESSIONID root cookie not protected (httponly)

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Minor
    • Resolution: Cannot Reproduce
    • Trunk
    • None
    • framework
    • None
    • Bug Crush Event - 21/2/2015

    Description

      I noticed OFBiz generate a JSESSIONID root cookie not protected (httponly)

      I'm not sure yet how and why we create this cookie, and I'm also not sure it's a security issue but better to check all that and possibly remove this cookie generation

      Attachments

        Activity

          People

            jleroux Jacques Le Roux
            jleroux Jacques Le Roux
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: