Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#40005] - [4.2] Not prefixed cookies

Feature No Code Attached Yet
avatar imperpl
imperpl
4 Mar 2023

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

Prefixed cookies are security related.

Could be changed by hand (Host or secure).

Session.php (line 204)
--- $this->store->setName($name);
+++ $this->store->setName('__Host-'.$name);

Actual result

System information (as much as possible)

PHP 8.1

Additional comments

I'm sorry if it's not the right place (if so please at least point, where it should be suggested)

avatar imperpl imperpl - open - 4 Mar 2023
avatar imperpl imperpl - change - 4 Mar 2023
Labels Removed: ?
avatar joomla-cms-bot joomla-cms-bot - change - 4 Mar 2023
Labels Added: No Code Attached Yet
avatar joomla-cms-bot joomla-cms-bot - labeled - 4 Mar 2023
avatar Hackwar Hackwar - change - 22 Aug 2023
Labels Added: Feature
avatar Hackwar Hackwar - labeled - 22 Aug 2023
avatar brianteeman brianteeman - change - 29 Aug 2023
Status New Closed
Closed_Date 0000-00-00 00:00:00 2023-08-29 07:01:29
Closed_By brianteeman
avatar brianteeman brianteeman - close - 29 Aug 2023
avatar brianteeman
brianteeman - comment - 29 Aug 2023

As this requires the secure flag then its basically the same issue as #40651 so closing this as a duplicate

Add a Comment

Login with GitHub to post a comment