[Openstack-security] [Bug 1369870] Re: The cookies for messages, django_timezone, horizon_pagesize, and horizon_language are not marked as "secure"
Gary W. Smith
gary.w.smith at hp.com
Thu Nov 13 00:06:13 UTC 2014
** Changed in: horizon
Status: New => Confirmed
** Changed in: horizon
Importance: Undecided => Medium
** Summary changed:
- The cookies for messages, django_timezone,horizon_pagesize, and horizon_language are not marked as "secure"
+ The "message" cookie is not marked as "secure"
** Description changed:
+ The message cookie is not marked as 'secure', as identified by the
+ following security report. If might contain sensitive information, and
+ would benefit from being marked as secure.
+
+ ---
+
Affected URL: https://Ip_address/settings/
Affected Entity: messages, django_timezone, horizon_pagesize, and horizon_language
Risk: It may be possible to steal user and session information (cookies) that was sent during an encrypted session
Causes: The web application sends non-secure cookies over SSL
Recommend Fix: Add the 'Secure' attribute to all sensitive cookies
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1369870
Title:
The "message" cookie is not marked as "secure"
Status in OpenStack Dashboard (Horizon):
Confirmed
Bug description:
The message cookie is not marked as 'secure', as identified by the
following security report. It might contain sensitive information,
and would benefit from being marked as secure.
---
Affected URL: https://Ip_address/settings/
Affected Entity: messages, django_timezone, horizon_pagesize, and horizon_language
Risk: It may be possible to steal user and session information (cookies) that was sent during an encrypted session
Causes: The web application sends non-secure cookies over SSL
Recommend Fix: Add the 'Secure' attribute to all sensitive cookies
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1369870/+subscriptions
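One way to check response headers for the condition the report describes, as an added example that is not part of the original message or of Horizon's code. The header lines are constructed sample data and the function names are hypothetical.

```python
# Added example: list cookies set without the Secure attribute.
# SAMPLE_HEADERS is constructed data, not captured from a Horizon deployment.
SAMPLE_HEADERS = [
    'Set-Cookie: sessionid=abc123; HttpOnly; Path=/; Secure',
    'Set-Cookie: messages="constructed-value"; HttpOnly; Path=/',
    'Set-Cookie: django_timezone=UTC; Path=/',
    'Set-Cookie: horizon_pagesize=20; Path=/; secure',
    'Set-Cookie: horizon_language=en; Max-Age=31536000; Path=/',
    'Content-Type: text/html',
]


def parse_set_cookie(header_line):
    """Return (name, attrs) for a Set-Cookie line, or None for other headers."""
    field, _, value = header_line.partition(':')
    if field.strip().lower() != 'set-cookie':
        return None
    parts = [p.strip() for p in value.split(';')]
    name = parts[0].partition('=')[0].strip()
    if not name:
        return None
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition('=')
        # Attribute names are case-insensitive, so normalise to lower case.
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(header_lines):
    """Return the names of cookies whose Set-Cookie line lacks Secure."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if 'secure' not in attrs:
            missing.append(name)
    return missing


if __name__ == '__main__':
    for cookie_name in cookies_missing_secure(SAMPLE_HEADERS):
        print('missing Secure attribute:', cookie_name)
```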