View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000830 | savapage-server | [All Projects] Security | public | 2017-05-30 19:04 | 2017-07-14 13:27 |
| Reporter | rijkr | Assigned To | rijkr | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Product Version | 0.9.11 | ||||
| Target Version | 0.9.12 | Fixed in Version | 0.9.12 | ||
| Summary | 0000830: Mark session tracking cookie as HttpOnly | ||||
| Description | IST: The session tracking cookie JSESSIONID is not marked as HttpOnly. SOLL: Mark session tracking cookie as HttpOnly. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks. https://www.owasp.org/index.php/HttpOnly | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-05-30 19:04 | rijkr | New Issue | |
| 2017-05-30 19:04 | rijkr | Status | new => assigned |
| 2017-05-30 19:04 | rijkr | Assigned To | => rijkr |
| 2017-05-30 19:06 | rijkr | Status | assigned => resolved |
| 2017-05-30 19:06 | rijkr | Resolution | open => fixed |
| 2017-05-30 19:06 | rijkr | Fixed in Version | => 0.9.12 |
| 2017-07-14 13:27 | rijkr | Status | resolved => closed |
