Actions
Bug #25782
closedtypo3-login-cookiecheck Cookie does not respect cookieSecure
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend User Interface
Target version:
-
Start date:
2011-04-06
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Description
If $TYPO3_CONF_VARS['SYS']['cookieSecure'] and $TYPO3_CONF_VARS['BE'][lockSSL] in Install Tool are set to a value forcing secure communication for cookies the typo3-login-cookiecheck cookie is not limited to secure connections.
It is not a security flaw in this particular case but any part of the Core should obey the TYPO3_CONF_VARS settings.
Actions