i-MSCP cookies should use "Secure" and "HttpOnly" flags in Set Cookie directive.
Please see: https://developer.mozilla.org/…cure_and_HttpOnly_cookies
Set-Cookie Best Practice
- Starlight
- Thread is marked as Resolved.
-
You can open that in the bugtracker, I guess.
In general it wouldnt be bad, but if go to that way then you need to do a lot of think (auto generated files, etc.).
-
-
i-MSCP cookies should use "Secure" and "HttpOnly" flags in Set Cookie directive.
I had a discussion about this subject already in past. See https://github.com/i-MSCP/imscp/pull/92