Bug #2069

Use the SSL only flag for cookies

Added by Vangelis Koukis over 10 years ago. Updated over 9 years ago.

Status: Closed
Start date: 02/20/2012
Priority: High
Due date:
Assignee: Sofia Papagiannaki
% Done: 0%
Category: Astakos
Spent time: -
Target version: -

Description

Make sure any stored cookies are only accessible over HTTPS,
by passing secure=True to response.set_cookie.

Please investigate whether SESSION_COOKIE_SECURE should also be set.

This could be optional behavior, to ease development, but please make
sure a relevant setting exists, and the default is to have cookies
be HTTPS only.

Interesting presentation, sent by azisi:
http://fscked.org/blog/fully-automated-active-https-cookie-hijacking
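As an added example (not code from the Synnefo/astakos repositories), the ticket's requirement in plain Python using only the standard library's http.cookies: a cookie builder whose Secure flag is on by default via a hypothetical COOKIE_SECURE_DEFAULT setting that a development deployment may switch off, plus a check that lists cookies in a set of Set-Cookie headers that still lack the flag. In Django the equivalents are response.set_cookie(..., secure=True) and SESSION_COOKIE_SECURE = True, as the description says.

```python
# Added example, not Synnefo/astakos code. Standard library only; no Django.
from http.cookies import SimpleCookie

# Hypothetical setting mirroring the ticket: cookies are HTTPS-only by default,
# and only an explicit opt-out (e.g. local plain-HTTP development) disables it.
# In Django the session cookie's equivalent is SESSION_COOKIE_SECURE = True.
COOKIE_SECURE_DEFAULT = True


def build_set_cookie(name, value, secure=None, httponly=True, path="/"):
    """Return a Set-Cookie header value for one cookie.

    secure=None means "use the deployment setting"; the caller has to pass
    secure=False explicitly to get a cookie that also travels over plain HTTP.
    """
    if secure is None:
        secure = COOKIE_SECURE_DEFAULT
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = path
    jar[name]["httponly"] = httponly   # keep it out of document.cookie too
    jar[name]["secure"] = secure       # the "SSL only" flag from the ticket title
    return jar[name].OutputString()


def insecure_cookies(set_cookie_headers):
    """Names of cookies in the given Set-Cookie headers that lack Secure.

    Useful as a deployment check: feed it the Set-Cookie headers of a response
    from the HTTPS site and expect an empty list.
    """
    missing = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for cookie_name, morsel in jar.items():
            if not morsel["secure"]:
                missing.append(cookie_name)
    return missing


if __name__ == "__main__":
    # Constructed sample: one cookie built with the default, one deliberately
    # opted out, then audited together.
    good = build_set_cookie("sessionid", "abc123")
    bad = build_set_cookie("csrftoken", "xyz789", secure=False)
    print(good)
    print(bad)
    print("missing Secure:", insecure_cookies([good, bad]))
```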

Associated revisions

Revision aac376e8
Added by Sofia Papagiannaki over 10 years ago

secure cookies

Refs: #2069

Revision ca34523e
Added by Antony Chazapis over 10 years ago

Use option for secure cookie.

Refs #2069

History

#1 Updated by Antony Chazapis over 10 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 0.9.0 (beta) to 0.3.0

#2 Updated by Vangelis Koukis about 10 years ago

  • Status changed from Closed to Assigned
  • Target version changed from 0.3.0 to 0.4.0

Reopening, the implementation must be amended to set SESSION_COOKIE_SECURE=True by default.

#3 Updated by Sofia Papagiannaki about 10 years ago

  • Target version changed from 0.4.0 to 0.5.0

#4 Updated by Sofia Papagiannaki about 10 years ago

  • Target version changed from 0.5.0 to 0.4.0

#5 Updated by Sofia Papagiannaki about 10 years ago

  • Status changed from Assigned to Closed

This requirement has been added in snf-webproject.

#6 Updated by Vangelis Koukis over 9 years ago

  • Project changed from astakos to Synnefo
  • Target version deleted (0.4.0)

#7 Updated by Vangelis Koukis over 9 years ago

  • Category set to Astakos