safaacar / rubycas-server

Automatically exported from code.google.com/p/rubycas-server
GNU Lesser General Public License v2.1

Cookie HTTPOnly/Secure Flags not set #102

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Since CAS requires HTTPS to add any security, the cookie Secure flag should be 
set so a TGT isn't sent over a clear-text channel. HTTPOnly should also be set 
to provide another barrier against cookie stealing with JavaScript.

Original issue reported on code.google.com by daniel.b...@gmail.com on 25 Jun 2010 at 7:40
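
A check for the two flags requested above, as an added example that is not part of the original issue or of rubycas-server's code. It audits `Set-Cookie` header values using only the Ruby standard library; the cookie name `tgt`, the helper names and the sample header values are assumptions constructed for illustration.

```ruby
# Added example (not rubycas-server code): audit Set-Cookie values for the
# Secure and HttpOnly attributes. Cookie name "tgt" is an assumption.
REQUIRED_FLAGS = %w[secure httponly].freeze

# Parse one Set-Cookie value into its name, value and a hash of attributes
# keyed by lower-cased attribute name (attribute names are case-insensitive).
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip).reject(&:empty?)
  return nil if pair.nil? || !pair.include?('=')
  name, value = pair.split('=', 2)
  attributes = attrs.each_with_object({}) do |attr, acc|
    key, val = attr.split('=', 2)
    acc[key.strip.downcase] = val.nil? ? true : val.strip
  end
  { name: name.strip, value: value, attributes: attributes }
end

# Flags the cookie lacks. Presence of the attribute name is what counts;
# any value attached to Secure or HttpOnly is ignored by browsers.
def missing_flags(cookie)
  REQUIRED_FLAGS.reject { |flag| cookie[:attributes].key?(flag) }
end

# Audit Set-Cookie values for the named cookies. Returns one finding per
# offending header; cookies carrying both flags produce no finding.
def audit_cookies(headers, names)
  headers.each_with_object([]) do |header, findings|
    cookie = parse_set_cookie(header)
    next if cookie.nil? || !names.include?(cookie[:name])
    missing = missing_flags(cookie)
    findings << { name: cookie[:name], missing: missing } unless missing.empty?
  end
end

# Set-Cookie value with both flags present, for comparison.
def hardened_set_cookie(name, value, path: '/')
  "#{name}=#{value}; Path=#{path}; Secure; HttpOnly"
end

# Constructed sample headers, not captured from a real server.
SAMPLE_HEADERS = [
  'tgt=TGC-constructed-0001; path=/',
  'tgt=TGC-constructed-0002; Path=/; secure',
  'tgt=TGC-constructed-0003; Path=/; Secure; HttpOnly',
  'theme=dark; Path=/'
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_cookies(SAMPLE_HEADERS, ['tgt']).each do |f|
    puts "#{f[:name]}: missing #{f[:missing].join(', ')}"
  end
end
```
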

GoogleCodeExporter commented 9 years ago

Original comment by matt.zuk...@gmail.com on 2 Aug 2010 at 10:04

GoogleCodeExporter commented 9 years ago
Will try to get this in before the final 1.0 Sinatra release.

Original comment by matt.zuk...@gmail.com on 21 Dec 2010 at 9:13