[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Jared Camins-Esakov changed:

           What    |Removed      |Added
             Status|Passed QA    |Pushed to Master

--- Comment #19 from Jared Camins-Esakov ---
This patch has been pushed to master.

--
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #18 from M. de Rooy ---
Tested. See the HttpOnly flag in Firebug.
Checked cookie processing in IE9 and FF with opac language and session.
Also added an item without problems.
Code looks good to me.
Passed QA

Note for RM: Will take a look too at the related report of Galen.

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

M. de Rooy changed:

           What    |Removed      |Added
             Status|Signed Off   |Passed QA

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

M. de Rooy changed:

           What    |Removed        |Added
             Status|Needs Signoff  |Signed Off

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

M. de Rooy changed:

           What    |Removed      |Added
  Attachment #14618|0            |1
        is obsolete|             |

--- Comment #17 from M. de Rooy ---
Created attachment 14994
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14994&action=edit
Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie

Signed-off-by: Galen Charlton
Signed-off-by: Marcel de Rooy

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

M. de Rooy changed:

           What    |Removed      |Added
             Status|Signed Off   |Needs Signoff

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

M. de Rooy changed:

           What    |Removed      |Added
                 CC|             |m.de.r...@rijksmuseum.nl
         QA Contact|             |m.de.r...@rijksmuseum.nl

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #16 from Galen Charlton ---
Note for QA/RM - this patch stands alone, but I recommend that the patch be
tested and pushed at the same time as the patch for bug 9401.

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Galen Charlton changed:

           What    |Removed      |Added
  Attachment #13838|0            |1
        is obsolete|             |

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #15 from Galen Charlton ---
Created attachment 14618
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14618&action=edit
Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie

Signed-off-by: Galen Charlton

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Galen Charlton changed:

           What    |Removed        |Added
             Status|Needs Signoff  |Signed Off

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Galen Charlton changed:

           What    |Removed      |Added
         Depends on|             |9401

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Galen Charlton changed:

           What    |Removed      |Added
                 CC|             |gmcha...@gmail.com

--- Comment #14 from Galen Charlton ---
I've spent quite a bit of time reviewing the second patch. I'm about ready to
sign off on it, but I've identified some JavaScript related to tags that
expects to read the CGISESSID cookie. Fortunately, it doesn't actually need to
in order to work, but I want to remove references to it.

The offending bits of JavaScript are contained in three files:

koha-tmpl/intranet-tmpl/prog/en/modules/tags/review.tt
koha-tmpl/opac-tmpl/prog/en/js/tags.js
koha-tmpl/opac-tmpl/ccsr/en/js/tags.js

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Jared Camins-Esakov changed:

           What    |Removed      |Added
             Status|ASSIGNED     |Needs Signoff

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Jared Camins-Esakov changed:

           What    |Removed           |Added
             Status|Pushed to Master  |ASSIGNED

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Jared Camins-Esakov changed:

           What    |Removed      |Added
  Attachment #14384|0            |1
        is obsolete|             |

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Jared Camins-Esakov changed:

           What    |Removed      |Added
             Status|Passed QA    |Pushed to Master

--- Comment #13 from Jared Camins-Esakov ---
The first patch has been pushed to master.

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Katrin Fischer changed:

           What    |Removed      |Added
  Attachment #13580|0            |1
        is obsolete|             |

--- Comment #12 from Katrin Fischer ---
Created attachment 14384
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14384&action=edit
[SIGNED-OFF] Bug 9102 : Set HttpOnly on the CGISESSID cookie

https://www.owasp.org/index.php/HttpOnly

Signed-off-by: Kyle M Hall
Signed-off-by: Katrin Fischer

To test, use curl

Before the patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 06:56:49 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

After patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 07:01:04 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Katrin Fischer changed:

           What    |Removed      |Added
             Status|Signed Off   |Passed QA

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Chris Cormack changed:

           What    |Removed        |Added
             Status|Needs Signoff  |Signed Off

--- Comment #11 from Chris Cormack ---
I think we should QA the first patch and push it, the second one should be safe
and essentially a no-op but is hard to test.

So if we could push the first one and then put this back to needs sign off

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #10 from Jonathan Druart ---
(In reply to comment #9)
> (In reply to comment #8)
> > Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie
>
> Is there a way to test the follow-up like there was for Chris's patch?

I don't know... I think if you don't have any error on some pages the patch
works.
But if we have a doubt about this patch, we don't have to integrate it.

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #9 from Owen Leonard ---
(In reply to comment #8)
> Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie

Is there a way to test the follow-up like there was for Chris's patch?

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #8 from Jonathan Druart ---
Created attachment 13838
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13838&action=edit
Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Jonathan Druart changed:

           What    |Removed      |Added
             Status|Signed Off   |Needs Signoff

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #7 from Chris Cormack ---
Not sure about that Jonathan, since those ones are only used by the API, not
rendered in a page.

Possibly users of the API might want to interact with the cookie with
JavaScript? More likely, since they won't be interacting with it with a browser
that understands the httponly flag, it will be ignored.

We could add the flag just in case a user is tricked into going to a page from
the API that has been compromised and has XSS in it.

Maybe send a follow-up. It can't really hurt to have it in it, I think.

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Jonathan Druart changed:

           What    |Removed      |Added
                 CC|             |jonathan.dru...@biblibre.co
                   |             |m
   Patch complexity|---          |Small patch

--- Comment #6 from Jonathan Druart ---
Hi Chris,

There are 2 other occurrences of this kind in C4::Auth::check_api_auth:

l.1141 my $cookie = $query->cookie( CGISESSID => $session->id );
l.1185 my $cookie = $query->cookie(CGISESSID => $sessionID);

Don't you think we have to add this flag for them too?

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Kyle M Hall changed:

           What    |Removed        |Added
             Status|Needs Signoff  |Signed Off
                 CC|               |k...@bywatersolutions.com

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Kyle M Hall changed:

           What    |Removed      |Added
  Attachment #13539|0            |1
        is obsolete|             |

--- Comment #5 from Kyle M Hall ---
Created attachment 13580
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13580&action=edit
Bug 9102 : Set HttpOnly on the CGISESSID cookie

Signed-off-by: Kyle M Hall

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Owen Leonard changed:

           What    |Removed        |Added
             Status|Needs Signoff  |Failed QA

--- Comment #3 from Owen Leonard ---
The test works as expected, but can we get a resubmission without tab
indentation on the affected lines?

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Chris Cormack changed:

           What    |Removed      |Added
             Status|Failed QA    |Needs Signoff

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Chris Cormack changed:

           What    |Removed      |Added
  Attachment #13504|0            |1
        is obsolete|             |

--- Comment #4 from Chris Cormack ---
Created attachment 13539
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13539&action=edit
Bug 9102 : Set HttpOnly on the CGISESSID cookie

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Chris Cormack changed:

           What    |Removed      |Added
             Status|NEW          |Needs Signoff

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #2 from Chris Cormack ---
Created attachment 13504
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13504&action=edit
Bug 9102 : Set HttpOnly on the CGISESSID cookie

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

Chris Cormack changed:

           What    |Removed      |Added
                 CC|             |ch...@bigballofwax.co.nz

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102

--- Comment #1 from Chris Cormack ---
To test, use curl

Before the patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 06:56:49 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

After patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 07:01:04 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

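
Added example, not part of the thread or of the Koha patches: the curl test from comment #1 turned into a repeatable check that reads response headers and reports whether every Set-Cookie header for the session cookie carries HttpOnly. The function names, the lang_pref cookie and the third sample response are constructed for illustration; the first two samples are excerpts of the headers quoted in comment #1.

```shell
#!/bin/sh
# Added example (not from the Koha patch): audit a session cookie's flags in
# raw HTTP response headers, e.g.  curl -sI "$URL" | check_httponly CGISESSID

# cookie_flags NAME: read response headers on stdin; for each Set-Cookie
# header that sets NAME, print "NAME httponly=yes|no secure=yes|no".
cookie_flags() {
    awk -v name="$1" '
        { sub(/\r$/, "") }                      # curl -I output ends lines with CRLF
        tolower($0) ~ /^set-cookie:/ {          # header names are case-insensitive
            line = $0
            sub(/^[^:]*:[ \t]*/, "", line)      # drop the header name
            n = split(line, part, ";")          # part[1] is name=value, rest are attributes
            cname = part[1]
            sub(/=.*/, "", cname)
            gsub(/^[ \t]+|[ \t]+$/, "", cname)
            if (cname != name) next             # cookie names are case-sensitive
            httponly = "no"; secure = "no"
            for (i = 2; i <= n; i++) {
                attr = tolower(part[i])         # attribute names are case-insensitive
                gsub(/^[ \t]+|[ \t]+$/, "", attr)
                if (attr == "httponly") httponly = "yes"
                if (attr == "secure") secure = "yes"
            }
            printf "%s httponly=%s secure=%s\n", name, httponly, secure
        }'
}

# check_httponly NAME: exit 0 if NAME was set and every Set-Cookie header for
# it had HttpOnly, 1 if any lacked it, 2 if the cookie was never set.
check_httponly() {
    _report=$(cookie_flags "$1")
    [ -n "$_report" ] || return 2
    case "$_report" in
        *"httponly=no"*) return 1 ;;
    esac
    return 0
}

# Header excerpts from the curl -I output in comment #1 (before / after patch).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nSet-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/\r\nVary: Accept-Encoding\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nSet-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly\r\nVary: Accept-Encoding\r\n\r\n'
}
# Constructed response: a second cookie (hypothetical name lang_pref) plus
# lower-case header and attribute spellings.
sample_mixed() {
    printf 'HTTP/1.1 200 OK\r\nSet-Cookie: lang_pref=en; path=/\r\nset-cookie: CGISESSID=0123456789abcdef; Path=/; Secure; httponly\r\n\r\n'
}

# Demo over the embedded samples (runs offline).
for sample in sample_before sample_after sample_mixed; do
    printf '%s: ' "$sample"
    "$sample" | cookie_flags CGISESSID
done
```

The exit status of check_httponly makes the check usable in a deployment or CI script, and running it against the API endpoints as well covers the check_api_auth code paths raised in comment #6.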