Send secure cookie

Question

Send secure cookie

jdh8 opened this issue 10 years ago · comments

Chen-Pang He commented 10 years ago

I suggest setting secure cookie if a mod logs in via HTTPS.
jdh8@d819fc4

On my site, mod.php is redirected to HTTPS. Would my patch cause problems on an HTTP/HTTPS dual moderation site?

Marcin Łabanowski · Answer 1 · Thu Jun 05 2014 22:24:39 GMT+0800 (China Standard Time)

I believe that no issues would arise, other than having to log in twice.

Another thing is that sessions are tied to IP addresses, but better
security is better.

I would also consider setting httpOnly
5 cze 2014 16:09 "Chen-Pang He" notifications@github.com napisał(a):

I suggest setting secure cookie if a mod logs in via HTTPS.
jdh8/vichan@d819fc4
jdh8@d819fc4

On my site http://boards.jdh8.org, mod.php is redirected to HTTPS.
Would my patch cause problems on an HTTP/HTTPS dual moderation site?

—
Reply to this email directly or view it on GitHub
#177.

Chen-Pang He · Answer 2 · Fri Jun 06 2014 18:36:20 GMT+0800 (China Standard Time)

HttpOnly is already set on Tinyboard.

By the way, thanks for your imageboard solution. It outperforms old crappy ones.

Chen-Pang He · Answer 3 · Wed Jun 11 2014 01:20:17 GMT+0800 (China Standard Time)

This patch has been committed into vichan.
vichan-devel@6716a24