New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revisit cookies #1447

Closed

XhmikosR opened this issue Jun 6, 2020 · 1 comment

Labels

Security Submitter Attention Required

Contributor

XhmikosR commented Jun 6, 2020 •

edited

Loading

After #1256 is sorted:

We should probably revisit the cookies path; we are not setting it and I'm not sure if it's correct.
There's still a PHPSESSID cookie which I'm unsure how to tackle
We should eventually look into adding the Secure option if one is running the admin interface on https
Ideally we shouldn't touch the cookie in JS and thus add the httponly flag too

Split from #1256 (comment)

The text was updated successfully, but these errors were encountered:

XhmikosR added the Security label

XhmikosR mentioned this issue

Admin interface login not working after changing password with pihole -a -p #1614

Closed

PromoFaux mentioned this issue

Add httponly = true to persistent login cookie #1875

Merged

8 tasks

Contributor

github-actions bot commented Jan 11, 2022

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

github-actions bot added the Submitter Attention Required label

github-actions bot closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment