Univention Bugzilla – Bug 53531
Cookie "UMCLang" without "Secure: true"
Last modified: 2022-02-23 14:42:33 CET
We have a "frontend cookie", that is only set by our frontend and only used by our frontend. It stores the preferred language across "login sessions". This cookie is not set with Secure: true, issuing a browser warning when used in a HTTPS session: Cookie “UMCLang” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite Same with a cookie named _umcCookieCheck - apparently only used to check the browser feature.
... and maybe even UMCUsername? Could not find it in the cookie store, but a warning by the browser was seen.
(In reply to Dirk Wiesenthal from comment #1) > ... and maybe even UMCUsername? Could not find it in the cookie store, but a > warning by the browser was seen. No, UMCUsername is removed in the frontend after a login.