View Issue Details

ID: 0000830
Project: savapage-server
Category: [All Projects] Security
View Status: public
Last Update: 2017-07-14 13:27
Reporter: rijkr
Assigned To: rijkr
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 0.9.11
Target Version: 0.9.12
Fixed in Version: 0.9.12
Summary: 0000830: Mark session tracking cookie as HttpOnly
Description:
Actual: The session tracking cookie JSESSIONID is not marked as HttpOnly.
Target: Mark session tracking cookie as HttpOnly.

HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.

https://www.owasp.org/index.php/HttpOnly
Tags: No tags attached.
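
A check for the condition this issue describes, as an added example that is not SavaPage code: it parses Set-Cookie header values and reports any that set JSESSIONID without the HttpOnly attribute. The header values are constructed samples, and the function names are assumptions of this example.

```python
# Added example: audits Set-Cookie header values for the HttpOnly attribute.
SESSION_COOKIE = "JSESSIONID"  # cookie name taken from the issue text


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first name=value pair is the cookie itself.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_httponly(set_cookie_headers, cookie_name=SESSION_COOKIE):
    """Return the header values that set cookie_name without HttpOnly."""
    findings = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        # Cookie names are compared case-sensitively.
        if name == cookie_name and "httponly" not in attrs:
            findings.append(header)
    return findings


# Constructed sample responses (not captured from a SavaPage server).
BEFORE = [
    "JSESSIONID=node01abc123.node0; Path=/",
    "lang=en; Path=/; Max-Age=31536000",
]
AFTER = [
    "JSESSIONID=node01abc123.node0; Path=/; httponly",
    "lang=en; Path=/; Max-Age=31536000",
]
# "HttpOnly" appearing only inside the value must not count as the attribute.
TRICKY = ['JSESSIONID="HttpOnly"; Path=/']

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER), ("tricky", TRICKY)):
        print(label, missing_httponly(headers))
```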

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2017-05-30 19:04 rijkr New Issue
2017-05-30 19:04 rijkr Status new => assigned
2017-05-30 19:04 rijkr Assigned To => rijkr
2017-05-30 19:06 rijkr Status assigned => resolved
2017-05-30 19:06 rijkr Resolution open => fixed
2017-05-30 19:06 rijkr Fixed in Version => 0.9.12
2017-07-14 13:27 rijkr Status resolved => closed