[Tickets #13284] Horde_Secret: Only store key in cookies if cookies are in use
noreply at bugs.horde.org
noreply at bugs.horde.org
Mon Jun 23 14:19:05 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/13284
------------------------------------------------------------------------------
Ticket | 13284
Created By | Thomas Jarosch <thomas.jarosch at intra2net.com>
Summary | Horde_Secret: Only store key in cookies if cookies are
| in use
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Thomas Jarosch <thomas.jarosch at intra2net.com> (2014-06-23 14:19) wrote:
Hi,
Horde_Secret currently stores the generated key in a cookie even when
cookies are not used for the session id. This happens in setKey() and
getKey().
The problem is later on in clearKey(): That one removes the key cookie
only if session cookies are in use, too.
The attached patch fixes clearKey() and also avoids setting the cookie
at all for non-cookie sessions.
Cheers,
Thomas
More information about the bugs
mailing list