Univention Bugzilla – Bug 53511
[4.4] Set cookie security flag if connection via https
Last modified: 2021-08-25 17:46:52 CEST
Backport to UCS 4.4: +++ This bug was initially created as a clone of Bug #51242 +++ A customer has reported that we do not use the cookie secure flag. Connection downgrades make it possible to retrieve session cookies in insecure networks. As Florian suggested it would be an improvement if we set the flag when connecting via https.
Backported in: univention-management-console.yaml ad550b58c595 | Bug #53511: make it possible to set secure cookies univention-management-console (11.0.6-14) ad550b58c595 | Bug #53511: make it possible to set secure cookies
Backport: OK YAML: OK
<https://errata.software-univention.de/#/?erratum=4.4x1035>