Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIX #253 Faille XSS session cookie #357

Merged
merged 1 commit into from
Jan 3, 2020
Merged

FIX #253 Faille XSS session cookie #357

merged 1 commit into from
Jan 3, 2020

Conversation

haruka-7
Copy link
Collaborator

@haruka-7 haruka-7 commented Jan 2, 2020

FIX #253

@haruka-7 haruka-7 added this to the PluXml 5.8 milestone Jan 2, 2020
@haruka-7 haruka-7 mentioned this pull request Jan 2, 2020
Closed
@haruka-7
Copy link
Collaborator Author

haruka-7 commented Jan 2, 2020
edited
Loading

Hello @bazooka07 est-ce que tu peux regarder cette PR, stp ?

J'ai fais la modification des paramètres du cookie pour chaque session_start() présent dans le projet, avec le cas particulier de l'administration pour lequel la date d'expiration du cookie de session est mis à jour à chaque refresh de la page. En revanche, et je n'ai pas précisé le path ("core/admin"), pour éviter d'avoir deux cookies de session (un avec le path "core/admin" et un avec le path "/" pour la partie public du site).

@haruka-7 haruka-7 merged commit c446fdc into develop Jan 3, 2020
@haruka-7 haruka-7 deleted the fix/253 branch January 7, 2020 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
PluXml 5.8
Development

Successfully merging this pull request may close these issues.
2 participants
@haruka-7 @pedrocadete