Closed Bug 261535 Opened 20 years ago Closed 18 years ago

We should set "secure=yes" in cookies when using HTTPS.

Tracking

()

Status:

VERIFIED DUPLICATE of bug 381569

People

(Reporter: gerv, Unassigned)

Details

Gervase Markham [:gerv]

Reporter

Description

•

20 years ago

Gervase Markham [:gerv]

Reporter

Comment 1

•

20 years ago

Pants. OK, here's an initial description. We should set "secure=yes" in cookies when using HTTPS. If you don't set "secure=yes", then when an already-logged-in user clicks an HTTP link to Bugzilla (such as used to be on Bonsai), an HTTP request is made with cookies, which is then redirected to an HTTPS request. So the cookies go in the clear. If you set "secure=yes", then that initial HTTP link which gets redirected happens _without_ cookies, so the cookies don't go in the clear. Gerv

Olav Vitters

Updated

•

19 years ago

QA Contact: mattyt-bugzilla → default-qa

Frédéric Buclin

Updated

•

18 years ago

Assignee: myk → user-accounts

Antonis Christofides

Updated

•

18 years ago

Status: NEW → RESOLVED

Closed: 18 years ago

Resolution: --- → DUPLICATE

timeless

Updated

•

18 years ago

Status: RESOLVED → VERIFIED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

We should set "secure=yes" in cookies when using HTTPS.

Categories

(Bugzilla :: User Accounts, defect)

Tracking

()

People

(Reporter: gerv, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated

Updated

Updated