[MGNLDEMO-207] Secure travel-demo custom cookie Created: 23/Jan/17  Updated: 25/Oct/18  Resolved: 25/Oct/18

Status: Closed
Project: Magnolia Demo Projects
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Maxime Michel Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)

 Description   

As seen in MGNLPN-250, cookies should have at least the httpOnly flag turned on. secure is also good to have, but only when running the site over HTTPS. The script we currently use to personalize which type of tour is shown to a returning user doesn't set those flags. As it uses JavaScript, it can't set the httpOnly flag. And while it could set the secure flag when it detects an https URL, it would be best if it respected the JCR configuration set in the filter since MGNLPN-250. For that reason it would be good to create that cookie with Java rather than JS.
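
A sketch of the server-side approach the description asks for, added here as an illustration and not taken from the ticket or from Magnolia's code. The filter class, the cookie and parameter name `tourType`, the allowed values, the lifetime and the use of filter init-params in place of the JCR configuration are all assumptions.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: remembers the visitor's last tour type in a server-set cookie. */
public class TourTypeCookieFilter implements Filter {

    private static final String COOKIE_NAME = "tourType"; // assumed name
    // Constructed sample values; the real tour types are not given on the page.
    private static final Set<String> ALLOWED = Set.of("active", "beach", "cultural");

    private boolean httpOnly = true; // default to the safer setting
    private boolean secure;          // enable only when the site is served over HTTPS

    @Override
    public void init(FilterConfig cfg) {
        // Stand-in for the JCR filter configuration (assumption): plain init-params.
        String h = cfg.getInitParameter("httpOnly");
        if (h != null) httpOnly = Boolean.parseBoolean(h);
        secure = Boolean.parseBoolean(cfg.getInitParameter("secure"));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String tourType = ((HttpServletRequest) req).getParameter("tourType"); // assumed parameter
        // Only allow-listed values are ever written into the Set-Cookie header.
        if (tourType != null && ALLOWED.contains(tourType)) {
            Cookie cookie = new Cookie(COOKIE_NAME, tourType);
            cookie.setPath("/");
            cookie.setMaxAge(30 * 24 * 60 * 60); // 30 days, assumed lifetime
            cookie.setHttpOnly(httpOnly);        // cannot be set from document.cookie
            cookie.setSecure(secure);            // taken from configuration, not URL sniffing
            ((HttpServletResponse) res).addCookie(cookie);
        }
        chain.doFilter(req, res); // cookie is added before the response can be committed
    }

    @Override
    public void destroy() { }
}
```

Once the cookie is httpOnly, page scripts can no longer read it, so the code that picks the tour for a returning visitor has to read the cookie on the server as well.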

