Send secure cookie
jdh8 opened this issue · comments
I suggest setting secure cookie if a mod logs in via HTTPS.
jdh8@d819fc4
On my site, mod.php is redirected to HTTPS. Would my patch cause problems on an HTTP/HTTPS dual moderation site?
I believe that no issues would arise, other than having to log in twice.
Another thing is that sessions are tied to IP addresses, but better
security is better.
I would also consider setting httpOnly
5 cze 2014 16:09 "Chen-Pang He" notifications@github.com napisał(a):
I suggest setting secure cookie if a mod logs in via HTTPS.
jdh8/vichan@d819fc4
jdh8@d819fc4On my site http://boards.jdh8.org, mod.php is redirected to HTTPS.
Would my patch cause problems on an HTTP/HTTPS dual moderation site?—
Reply to this email directly or view it on GitHub
#177.
HttpOnly is already set on Tinyboard.
By the way, thanks for your imageboard solution. It outperforms old crappy ones.
This patch has been committed into vichan.
vichan-devel@6716a24