Joey3000
23 Aug 2014

Steps to reproduce the issue

  1. Using a tool which is able to display the "httpOnly" flag of a received cookie (an intercepting proxy or the Firebug Firefox add-on (I assume; the built-in Firefox console can't)), log in to and log out of a site's back-end.

Expected result

  1. Both the session cookie "set" and "delete" requests received as part of the server response have the "httpOnly" flag set.

Actual result

  1. The "httpOnly" flag is not set.

System information (as much as possible)

PHP 5.3.6 on Apache on Linux

Additional comments

Added the "secure" and "httpOnly" flags to the cookie "delete" requests as well, as "Cookies must be deleted with the same parameters as they were set with" according to https://php.net/manual/en/function.setcookie.php.
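
The check from the steps above, as an added example that is not part of the original report or of Joomla's code: it parses `Set-Cookie` header values and lists every one, whether it sets or deletes a cookie, that lacks the flags. The sample headers and cookie name are constructed, and requiring `secure` assumes the site is served over HTTPS.

```python
import time
from http.cookiejar import http2time


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, attr_val = part.partition("=")
            attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs


def is_delete(val, attrs, now=None):
    """True if the header expires the cookie rather than setting it."""
    now = time.time() if now is None else now
    if val == "deleted":  # PHP's setcookie() sends this literal when deleting
        return True
    max_age = attrs.get("max-age", "")
    if max_age.lstrip("-").isdigit() and int(max_age) <= 0:
        return True
    expires = attrs.get("expires")
    stamp = http2time(expires) if expires else None
    return stamp is not None and stamp < now


def audit(headers, https=True):
    """Return (name, 'set' | 'delete', [missing flags]) per weak header."""
    required = ["httponly"] + (["secure"] if https else [])
    findings = []
    for header in headers:
        name, val, attrs = parse_set_cookie(header)
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            kind = "delete" if is_delete(val, attrs) else "set"
            findings.append((name, kind, missing))
    return findings


# Constructed sample headers (not captured from a real site): log-in, then log-out.
SAMPLE = [
    "0123abcd=s3ss10n1d; path=/; secure; HttpOnly",
    "0123abcd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
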

Joey3000 - open - 23 Aug 2014
jissues-bot - change - 23 Aug 2014
Status Pending New
Labels Added: ?
brianteeman - change - 23 Aug 2014
Status New Pending
brianteeman - change - 17 Oct 2014
Category Libraries
brianteeman - close - 1 Jan 2015
brianteeman - change - 1 Jan 2015
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2015-01-01 13:01:48
Closed_By brianteeman

brianteeman - comment - 1 Jan 2015

Thanks for working on this. Unfortunately this did not make it into the final release of Joomla 2.5, or it was handled elsewhere, so this is being closed. If you feel this is still a valid issue in Joomla 3 please create a new issue.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4153.

Joey3000 - head_ref_deleted - 10 Apr 2015