Re: [RCD] session cookie path

15 Sep 2011


      On Thu, 15 Sep 2011 14:18:19 +0100, Phil Weir wrote:
...
Hi,
At the moment it is possible to set the cookie domain from the config
file. Would the devs consider also adding a similar option for the
session cookie path?
I'm not an rc developer, but here's my few cents: Even though setting 
the path of a cookie doesn't really prevent any XSS [1], I think all 
cookie related values should be configurable:

cookie name (see my diff I've sent couple days ago)
cookie path
cookie domain (already done)
secure flag is already done, I believe (by checking if SSL is in use)
httponly is set hard-coded and should not be changeable, IMO

Cheers,
Stephan
[1] 
http://code.google.com/p/doctype/wiki/ArticleCompartmentalizingApplications
_______________________________________________
List info: http://lists.roundcube.net/dev/
BT/aba52c80

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [RCD] session cookie path