[Openstack-security] [Bug 1369870] Re: The cookies for messages, django_timezone, horizon_pagesize, and horizon_language are not marked as "secure"

Zhang Yun zhangyun at cn.ibm.com
Wed Sep 24 02:20:04 UTC 2014


Hi Doug, I modified the title and removed the sample response according
to your comments. Would you please take some time to re-investigate it?
Thanks.

** Changed in: horizon
       Status: Incomplete => New

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1369870

Title:
  The cookies for messages, django_timezone, horizon_pagesize, and
  horizon_language are not marked as "secure"

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  Affected URL: https://Ip_address/settings/
  Affected Entity: messages, django_timezone, horizon_pagesize, and horizon_language
  Risk: It may be possible to steal user and session information (cookies) that was sent during an encrypted session

  Causes: The web application sends non-secure cookies over SSL

  Recommended Fix: Add the 'Secure' attribute to all sensitive cookies

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1369870/+subscriptions
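
A check for the condition this report describes, added here as an example and not part of the original message or of Horizon's code: it parses Set-Cookie header values and lists which of the four cookies named in the bug lack the Secure attribute. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the Secure attribute.
# SAMPLE_HEADERS is constructed sample data, not traffic captured from Horizon.

# The four cookie names listed in the bug report.
WATCHED = {"messages", "django_timezone", "horizon_pagesize", "horizon_language"}


def parse_set_cookie(header_value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value; it is never an attribute,
    # so a cookie whose *value* is "secure" is not mistaken for the flag.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def cookies_missing_secure(set_cookie_headers, watched=WATCHED):
    """Sorted names of watched cookies whose header lacks the Secure attribute."""
    missing = set()
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name in watched and "secure" not in attrs:
            missing.add(name)
    return sorted(missing)


SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; Secure",
    "horizon_pagesize=20; expires=Thu, 24-Sep-2015 02:20:04 GMT; Max-Age=31536000; Path=/",
    "horizon_language=en; Path=/; secure",
    'django_timezone="UTC"; Path=/',
    "messages=; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/",
    "securetoken=1; Path=/",  # not a watched cookie; the name only resembles the flag
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_secure(SAMPLE_HEADERS):
        print("missing Secure:", cookie_name)
```

Feed it the Set-Cookie values collected from an HTTPS response of the deployment under review; an empty result means every watched cookie carried the attribute.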
