Page MenuHomePhabricator
Create Task
Maniphest T10751

session cookies do not follow $wfCookieSecure
Closed, ResolvedPublic
Actions

Description

Author: ekb87ds02

Description:
There's a setting, $wfCookieSecure, that determines whether the cookies used by
mediawiki are supposed to be https only. This setting is not honored for the
session cookie. The interface to do that is new in PHP 4.2.0; as mediawiki now
requires PHP 5, it can be enabled.

Note that there is a similar bug 4731 for the httponly parameter, but that is
new in PHP 5.2 so it might be undesirable to enable that.

See also

http://www.php.net/manual/en/function.session-set-cookie-params.php

Version: unspecified
Severity: normal
OS: Windows XP
Platform: PC

Details

Reference
bz8751

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:30 PM
bzimport added a project: MediaWiki-User-login-and-signup.
bzimport set Reference to bz8751.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jan 24 2007, 10:59 AM
bzimport added a comment.Jan 24 2007, 11:00 AM

ekb87ds02 wrote:

Patch to fix bug

Attached:

sessioncookiesecure.diff860 BDownload

brion added a comment.Jan 24 2007, 5:19 PM

Whoops, good catch!

Fixed in r19636

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL