[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-02-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 M. de Rooy m.de.r...@rijksmuseum.nl changed: What|Removed |Added CC|

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-02-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 M. de Rooy m.de.r...@rijksmuseum.nl changed: What|Removed |Added Status|Signed Off |Needs

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-02-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 M. de Rooy m.de.r...@rijksmuseum.nl changed: What|Removed |Added Attachment #14618|0 |1

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-02-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 M. de Rooy m.de.r...@rijksmuseum.nl changed: What|Removed |Added Status|Needs Signoff |Signed

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-02-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 M. de Rooy m.de.r...@rijksmuseum.nl changed: What|Removed |Added Status|Signed Off |Passed

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-02-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #18 from M. de Rooy m.de.r...@rijksmuseum.nl --- Tested. See the HttpOnly flag in Firebug. Checked cookie processing in IE9 and FF with opac language and session. Also added an item without problems. Code looks good to me.

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-02-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Jared Camins-Esakov jcam...@cpbibliography.com changed: What|Removed |Added Status|Passed QA

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Galen Charlton gmcha...@gmail.com changed: What|Removed |Added CC|

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Galen Charlton gmcha...@gmail.com changed: What|Removed |Added Depends on||9401

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Galen Charlton gmcha...@gmail.com changed: What|Removed |Added Status|Needs Signoff |Signed Off

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #15 from Galen Charlton gmcha...@gmail.com --- Created attachment 14618 -- http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14618&action=edit Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Galen Charlton gmcha...@gmail.com changed: What|Removed |Added Attachment #13838|0 |1

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-15 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #16 from Galen Charlton gmcha...@gmail.com --- Note for QA/RM - this patch stands alone, but I recommend that the patch be tested and pushed at the same time as the patch for bug 9401.

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Jared Camins-Esakov jcam...@cpbibliography.com changed: What|Removed |Added Status|Passed QA

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Jared Camins-Esakov jcam...@cpbibliography.com changed: What|Removed |Added Attachment #14384|0

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Jared Camins-Esakov jcam...@cpbibliography.com changed: What|Removed |Added Status|Pushed to Master

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Jared Camins-Esakov jcam...@cpbibliography.com changed: What|Removed |Added Status|ASSIGNED

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-02 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Katrin Fischer katrin.fisc...@bsz-bw.de changed: What|Removed |Added Status|Signed Off

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-02 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Katrin Fischer katrin.fisc...@bsz-bw.de changed: What|Removed |Added Attachment #13580|0 |1

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2013-01-01 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Chris Cormack ch...@bigballofwax.co.nz changed: What|Removed |Added Status|Needs Signoff

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-12-27 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #9 from Owen Leonard oleon...@myacpl.org --- (In reply to comment #8) Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie Is there a way to test the follow-up like there was for Chris's patch?

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-12-27 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #10 from Jonathan Druart jonathan.dru...@biblibre.com --- (In reply to comment #9) (In reply to comment #8) Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie Is there a way to test the follow-up like there was

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-12-03 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Jonathan Druart jonathan.dru...@biblibre.com changed: What|Removed |Added Status|Signed Off

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-12-03 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #8 from Jonathan Druart jonathan.dru...@biblibre.com --- Created attachment 13838 -- http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13838&action=edit Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-26 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Jonathan Druart jonathan.dru...@biblibre.com changed: What|Removed |Added CC|

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-26 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #7 from Chris Cormack ch...@bigballofwax.co.nz --- Not sure about that Jonathan, since those ones are only used by the API, not rendered in a page. Possibly users of the API might want to interact with the cookie with

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-21 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Kyle M Hall k...@bywatersolutions.com changed: What|Removed |Added Attachment #13539|0 |1

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-21 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Kyle M Hall k...@bywatersolutions.com changed: What|Removed |Added Status|Needs Signoff |Signed

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-20 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Chris Cormack ch...@bigballofwax.co.nz changed: What|Removed |Added Attachment #13504|0 |1

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-20 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Chris Cormack ch...@bigballofwax.co.nz changed: What|Removed |Added Status|Failed QA |Needs

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-20 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Owen Leonard oleon...@myacpl.org changed: What|Removed |Added Status|Needs Signoff |Failed QA

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-17 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #1 from Chris Cormack ch...@bigballofwax.co.nz --- To test, use curl Before the patch % curl -I http://192.168.2.135 HTTP/1.1 200 OK Date: Sun, 18 Nov 2012 06:56:49 GMT Server:

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-17 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Chris Cormack ch...@bigballofwax.co.nz changed: What|Removed |Added CC|

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-17 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #2 from Chris Cormack ch...@bigballofwax.co.nz --- Created attachment 13504 -- http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=13504&action=edit Bug 9102 : Set HttpOnly on the CGISESSID cookie

[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie

2012-11-17 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 Chris Cormack ch...@bigballofwax.co.nz changed: What|Removed |Added Status|NEW |Needs