Bug #25782

typo3-login-cookiecheck Cookie does not respect cookieSecure

Added by Jan Loderhose over 11 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend User Interface
Target version:
-
Start date:
2011-04-06
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

If $TYPO3_CONF_VARS['SYS']['cookieSecure'] and $TYPO3_CONF_VARS['BE'][lockSSL] in Install Tool are set to a value forcing secure communication for cookies the typo3-login-cookiecheck cookie is not limited to secure connections.

It is not a security flaw in this particular case but any part of the Core should obey the TYPO3_CONF_VARS settings.

#1

Updated by Alexander Opitz about 8 years ago

  • Status changed from New to Needs Feedback
  • Is Regression set to No

Hi,

as this issue is very old. Does the problem still exists within newer versions of TYPO3 CMS (6.2.3)?

#2

Updated by Jan Loderhose about 8 years ago

Seems to be alright now.

#3

Updated by Alexander Opitz about 8 years ago

  • Status changed from Needs Feedback to Closed

Ok, closing the issue. Thanks for the help.

Also available in: Atom PDF