[Tickets #6821] Re: HttpOnly cookies
bugs at horde.org
bugs at horde.org
Mon Sep 22 13:43:16 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/6821
------------------------------------------------------------------------------
Ticket | 6821
Updated By | thomas at gelf.net
Summary | HttpOnly cookies
Queue | Horde Base
Version | HEAD
Type | Enhancement
State | Feedback
Priority | 1. Low
Milestone |
Patch | 1
Owners |
------------------------------------------------------------------------------
thomas at gelf.net (2008-09-22 09:43) wrote:
One last note (regarding "other places"): didn't find other
setcookie()-calls in Horde itself. However I did not check all
applications, but I found one in imp/static/redirect.php.
Even if ini_set('session.cookie_httponly', 1) would be possible (->
lib/core.php ?), I would discourage from doing so - there could be
apps requiring JS-accessible Cookies not expecting such setting.
More information about the bugs
mailing list