Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
A minor advisory was issued on our last update suggesting HTTPOnly should be set (or at least configurable) the the RSESS and USESS cookies.
Comment | File | Size | Author |
---|---|---|---|
#4 | esi-secure_and_httponly_cookie_params-1910274-4.patch | 1.74 KB | neilnz |
#2 | esi-secure_and_httponly_cookie_params-1910274-1.patch | 1.21 KB | ryanellis |
#1 | esi-secure_and_httponly_cookie_params-1910274-1.patch | 0 bytes | ryanellis |
Comments
Comment #1
ryanellis CreditAttribution: ryanellis commentedComment #2
ryanellis CreditAttribution: ryanellis commentedComment #3
mikeytown2 CreditAttribution: mikeytown2 commentedwill the ajax method still work with this patch?
Comment #4
neilnz CreditAttribution: neilnz commentedHere's a version that won't set httponly if ajax fallback is enabled. Should be safe now?
Comment #5
dstuart CreditAttribution: dstuart at Axis12 Limited commentedNo longer supported