Uploaded image for project: 'Magnolia Demo Projects'
  1. Magnolia Demo Projects
  2. MGNLDEMO-207

Secure travel-demo custom cookie

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Do
    • Neutral
    • None
    • None
    • None
    • None

    Description

      As seen in MGNLPN-250, cookies should have at least the httpOnly flag turned on. secure is also good to have, but only when running the site over HTTPS. The script we currently use to personalize which type tour is shown to a returning user doesn't set those flags. As it uses Javascript, it can't set the httpOnly. And while it could set the secure flag when it detects an https URL, it would be best if it respected the JCR configuration set in the filter since MGNLPN-250. For that reason it would be good to create that cookie with Java rather than JS.

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              Unassigned Unassigned
              mmichel Maxime Michel
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Checklists

                  Task DoD