One of the issues pointed out in the audit of the mobile wallet was that the
backend (the wallet-proxy) sends the session cookie even if the connection is
not secure and that this should be disabled. Since we do not use sessions for
anything it is simpler to just disable it entirely.
Changes
Disable the built-in session handling defaults
Checklist
[x] My code follows the style of this project.
[x] The code compiles without warnings.
[x] I have performed a self-review of the changes.
[x] I have documented my code, in particular the intent of the
hard-to-understand areas.