Fixed
Details
Details
Assignee
Pothys - MitrahSoft
Pothys - MitrahSoftReporter
Zac Spitzer
Zac SpitzerNew Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
None
Fix versions
Priority
Created 12 April 2021 at 15:21
Updated 25 February 2025 at 13:20
Resolved 2 June 2023 at 05:43
I'm forever setting these defaults in my `Application.cfc`s
this.sessionCookie.httpOnly = true; // prevent access to session cookies from javascript this.sessionCookie.sameSite = "lax";
Lucee should be secure by default