Session setting should be more secure

Bug #1508721 reported by Son Nguyen on 2015-10-21
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Son Nguyen
1.10
High
Unassigned
15.04
High
Unassigned
15.10
High
Unassigned

Bug Description

Version: from 1.9
Platform: any
Browser: any

According to http://php.net/manual/en/session.security.php, we should enable some session setting for better web security.

Son Nguyen (ngson2000) wrote :
information type: Public → Public Security
information type: Public Security → Private Security
Robert Lyon (robertl-9) on 2016-03-30
Changed in mahara:
milestone: none → 16.04.0
status: In Progress → Fix Committed
Aaron Wells (u-aaronw) on 2016-04-28
information type: Private Security → Public Security
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers