Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure Cookies | Risk: 4.8 #112

Open
ykktrcb7 opened this issue Dec 19, 2022 · 2 comments
Open

Insecure Cookies | Risk: 4.8 #112

ykktrcb7 opened this issue Dec 19, 2022 · 2 comments
Labels
enhancement

Comments

@ykktrcb7
Copy link

The cookie with the name 'PHPSESSID' does not have the flag 'secure' set. This may leak sensitive information.

PHP
In PHP, configure the cookie settings for all delivered websites. Set the following in your /etc/php/php.ini file:

session.cookie_secure = 1
session.cookie_httponly = 1
@ckulka ckulka self-assigned this Dec 19, 2022
@ykktrcb7
Copy link
Author

A possible workaround is adding a header to your reverse proxy.

@ckulka ckulka removed their assignment May 4, 2024
@ckulka
Copy link
Owner

ckulka commented May 5, 2024

I have to check if making this change would break it for anyone who is not using HTTPS, but only HTTP. Granted, shouldn't be done, but I want to be very careful about breaking folk's existing setups.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

When branches are created from issues, their pull requests are automatically linked.

112-insecure-cookies-|-risk-48 ckulka/baikal-docker
2 participants
@ckulka @ykktrcb7