Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-17435

Automatically set the secure cookie option based on connection type rather than require ACP setting

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • 3.3.14
    • Authentication, Sessions

      This seems to be one of the confusing parts of ACP->Cookie settings and requires a KB article phpBB • Knowledge Base > Fixing incorrect cookie settings

      According to PHP: setcookie - Manual

      secure

      Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to true, the cookie will only be set if a secure connection exists. On the server-side, it's on the programmer to send this kind of cookie only on secure connection (e.g. with respect to $_SERVER["HTTPS"]).

      If the PHP documentation says it's on the programmer why does phpBB not automatically choose and therefore remove the configurable option in ACP?

       

            Unassigned Unassigned
            P_I P_I
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: