Posted by Heine on January 28, 2009 at 8:48pm
3 followers
Jump to:
| Project: | Secure Pages Hijack Prevention |
| Version: | 6.x-1.0 |
| Component: | Documentation |
| Category: | task |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
Can you please amend the project description "It is recommended for all securepages users."?
IMO it is only recommended for people who want mixed HTTPS/HTTP sessions and do not care about information leaks.
Comments
#1
In my experience this is pretty much everyone using securepages, since very few end-users are aware of this issue, and securepages doesn't advise its' users to enable session.cookie_secure (and usually those that do enable it are annoyed when they realize they can't have mixed sessions anymore).
I don't want the project page to be too complicated or technical... But I have updated it. Please mark this issue as "fixed" if you think the new page addresses your concern.
Thanks!
#2
#3
Automatically closed -- issue fixed for 2 weeks with no activity.