Feb 11
Jon Harris [LP8.6/Apache/Win] Cookie Problem
Feb 11, 2015; 17:31
Jon Harris
[LP8.6/Apache/Win] Cookie Problem
Hi List
A scan of our clients site "revealed" some vulnerabilities around cookies.
It said we had:
"Missing Secure Flag From SSL Cookie (http-cookie-secure-flag)"
"Missing HttpOnly Flag From Cookie (http-cookie-http-only-flag)"
So, to turn this on, I did a couple of edits of the httpd.conf
I uncommented:
LoadModule headers_module modules/mod_headers.so
Then added the line:
Header set Set-Cookie HttpOnly;Secure
My login.lasso page, does an ajax call to a page which does this:
Session_Start(-Name = $site + 'user', -Expires=120, -UseCookie);
Session_AddVar(-Name=$site + 'user', 'sessionloginok');
On the callback page sessionloginok wasn't set.
When I removed the "Header set" - it worked again.
Does anyone know why this is happening?
Regards
Jon Harris
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Feb 11
Steve Piercy - Website Builder Re: [LP8.6/Apache/Win] Cookie Problem
Feb 11, 2015; 10:55
Steve Piercy - Website Builder
Re: [LP8.6/Apache/Win] Cookie Problem
Feb 11
Bil Corry Re: [LP8.6/Apache/Win] Cookie Problem
Feb 11, 2015; 20:31
Bil Corry
Re: [LP8.6/Apache/Win] Cookie Problem
Feb 11
Jolle Carlestam Re: [LP8.6/Apache/Win] Cookie Problem
Feb 11, 2015; 21:52
Jolle Carlestam
Re: [LP8.6/Apache/Win] Cookie Problem
Feb 12
Jon Harris RE: [LP8.6/Apache/Win] Cookie Problem
Feb 12, 2015; 08:01
Jon Harris
RE: [LP8.6/Apache/Win] Cookie Problem
Feb 12
Jon Harris RE: [LP8.6/Apache/Win] Cookie Problem
Feb 12, 2015; 08:37
Jon Harris
RE: [LP8.6/Apache/Win] Cookie Problem
Feb 12
Steve Piercy - Website Builder RE: [LP8.6/Apache/Win] Cookie Problem
Feb 12, 2015; 01:07
Steve Piercy - Website Builder
RE: [LP8.6/Apache/Win] Cookie Problem
Feb 12
Steve Piercy - Website Builder RE: [LP8.6/Apache/Win] Cookie Problem
Feb 12, 2015; 01:12
Steve Piercy - Website Builder
RE: [LP8.6/Apache/Win] Cookie Problem
Feb 12
Brad Lindsay Re: [LP8.6/Apache/Win] Cookie Problem
Feb 12, 2015; 09:18
Brad Lindsay
Re: [LP8.6/Apache/Win] Cookie Problem
Feb 12
Jolle Carlestam Re: [LP8.6/Apache/Win] Cookie Problem
Feb 12, 2015; 21:02
Jolle Carlestam
Re: [LP8.6/Apache/Win] Cookie Problem
Feb 12
Brad Lindsay Re: [LP8.6/Apache/Win] Cookie Problem
Feb 12, 2015; 16:19
Brad Lindsay
Re: [LP8.6/Apache/Win] Cookie Problem
Feb 13
Jolle Carlestam Re: [LP8.6/Apache/Win] Cookie Problem
Feb 13, 2015; 06:20
Jolle Carlestam
Re: [LP8.6/Apache/Win] Cookie Problem