Mahara

Session setting should be more secure

Bug #1508721 reported by Son Nguyen
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
High
Son Nguyen
Mahara 16.04.0
1.10
Fix Released
High
Unassigned
Mahara 1.10.10
15.04
Fix Released
High
Unassigned
Mahara 15.04.7
15.10
Fix Released
High
Unassigned
Mahara 15.10.3

Bug Description

Version: from 1.9
Platform: any
Browser: any

According to http://php.net/manual/en/session.security.php, we should enable some session setting for better web security.

Revision history for this message
Son Nguyen (ngson2000) wrote :

https://reviews.mahara.org/#/c/5574/

information type: Public → Public Security
information type: Public Security → Private Security
Robert Lyon (robertl-9)
Changed in mahara:
milestone: none → 16.04.0
status: In Progress → Fix Committed
Aaron Wells (u-aaronw)
information type: Private Security → Public Security
Kristina Hoeppner (kris-hoeppner)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.