Jenkins / JENKINS-27277

ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookie no HttpOnly flag

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None

      Description

      Jenkins' remember me cookie (ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE) is set without the HttpOnly flag.

      Both the JSESSIONID and the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookies can be used interchangeably to access the application.
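
      A check for the condition reported above, as an added example that is not part of the original issue or of Jenkins' code: it parses `Set-Cookie` header values and reports which of the two cookies named in the description are set without the HttpOnly attribute. The sample headers and cookie values are constructed, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# Cookie names come from the issue; everything else here is an assumption.
AUTH_COOKIES = {"JSESSIONID", "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attrs).

    attrs maps lower-cased attribute names to their values ('' for flags).
    Only text after the first ';' is treated as attributes, so the string
    'HttpOnly' appearing inside the cookie value is not mistaken for the flag.
    """
    first, _, rest = header_value.partition(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest.split(";"):
        part = part.strip()
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(set_cookie_headers, names=AUTH_COOKIES):
    """Return the sorted names of watched cookies set without HttpOnly.

    Pass each Set-Cookie header as its own list item: Expires contains a
    comma, so a comma-joined header string cannot be split reliably.
    """
    missing = set()
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name in names and "httponly" not in attrs:
            missing.add(name)
    return sorted(missing)


# Constructed sample: the behaviour described in the issue.
SAMPLE_REPORTED = [
    "JSESSIONID=constructed-session-id; Path=/; HttpOnly",
    "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=constructed-HttpOnly-token; "
    "Path=/; Expires=Wed, 01 Apr 2015 00:00:00 GMT",
]
# Constructed sample: both cookies carry the flag (attribute case varies).
SAMPLE_FIXED = [
    "JSESSIONID=constructed-session-id; Path=/; HttpOnly",
    "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=constructed-HttpOnly-token; "
    "Path=/; Expires=Wed, 01 Apr 2015 00:00:00 GMT; httponly",
]

if __name__ == "__main__":
    print("reported:", cookies_missing_httponly(SAMPLE_REPORTED))
    print("fixed:   ", cookies_missing_httponly(SAMPLE_FIXED))
```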

              People

              Assignee:
              kohsuke Kohsuke Kawaguchi
              Reporter:
              _ikki Luca Carettoni
              Votes:
              0
              Watchers:
              4
