https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #57 from David Cook <[email protected]> --- I hate to say it now, but I think we should change tack, and just focus on the SameSiteSessionCookie being for the CGISESSID cookie and only for authenticated contexts. (Focusing only on the CGISESSID cookie is mostly just to help in terms of testability, although I think the best practice is to only set Strict for sensitive cookies.) That should provide security for authenticated Koha users while also allowing usability for things like SSO. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
