Issues

Select view

List view

Detail view

Select search mode

Basic

JQL

Client cookies are not marked as secure and httpOnly
LDEV-2247
Resolved issue: LDEV-2247
Can't set Session Storage to use a Datasource name
LDEV-1131
Resolved issue: LDEV-1131

2 of 2

Client cookies are not marked as secure and httpOnly

Fixed

Description

Using `this.sessionCookie` allows to set the `secure` and `httpOnly` flags to `cfid` and `cftoken`, but if the Client store is set to Cookie, the Client cookies are not marked as httpOnly/secure. That breaks PCI Compliance.

Environment

None

Linked issues

is blocked by

LDEV-2257

Regression from LDEV-2247 fix

Details
Assignee
Igal Sapir
Reporter
Igal Sapir
Priority
Major
Labels
clientmanagementcookies
Fix versions
5.2.9.39
5.3.3.18
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue

Created 19 April 2019 at 19:37

Updated 1 August 2020 at 13:50

Resolved 19 April 2019 at 20:35

Activity

Show:

Issues

Client cookies are not marked as secure and httpOnly

Description

Environment

Linked issues

is blocked by

Details

Assignee

Reporter

Priority

Labels

Fix versions

New Issue warning screen

Activity

Flag notifications

Something's gone wrong