Cookie HTTPOnly/Secure Flags not set

safaacar / rubycas-server

Automatically exported from code.google.com/p/rubycas-server

GNU Lesser General Public License v2.1

0 stars 0 forks source link

Cookie HTTPOnly/Secure Flags not set #102

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

Since CAS requires HTTPS to add any security, the cookie Secure flag should be 
set so a TGT isn't sent over a clear-text channel. HTTPOnly should also be set 
to provide another barrier against cookie stealing with JavaScript.

Original issue reported on code.google.com by daniel.b...@gmail.com on 25 Jun 2010 at 7:40

GoogleCodeExporter commented 9 years ago

Original comment by matt.zuk...@gmail.com on 2 Aug 2010 at 10:04

Changed state: Accepted
Added labels: Priority-High, Security, Type-Defect

GoogleCodeExporter commented 9 years ago

Will try to get this in before the final 1.0 Sinatra release.

Original comment by matt.zuk...@gmail.com on 21 Dec 2010 at 9:13

Added labels: Milestone-Sinatra