Can you please amend the project description "It is recommended for all securepages users."?

IMO it is only recommended for people who want mixed HTTPS/HTTP sessions and do not care about information leaks.

Comments

grendzy

IMO it is only recommended for people who want mixed HTTPS/HTTP sessions and do not care about information leaks.

In my experience this is pretty much everyone using securepages, since very few end-users are aware of this issue, and securepages doesn't advise its users to enable session.cookie_secure (and usually those that do enable it are annoyed when they realize they can't have mixed sessions anymore).

I don't want the project page to be too complicated or technical... But I have updated it. Please mark this issue as "fixed" if you think the new page addresses your concern.

Thanks!

grendzy

Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.