Autologout cookie is not secure

Created on 7 September 2022, about 2 years ago
Updated 4 September 2024, 2 months ago

Problem/Motivation

Security scans complain about the Secure attribute not being set on the autologout cookie.

Steps to reproduce

  1. Ensure this module is enabled and autologout is configured
  2. Log in to the site
  3. Open your developer tools, find your cookies, and look at the "Drupal.visitor.autologout" cookie. You will see that the "Secure" parameter is not set.

Proposed resolution

Set the "Secure" parameter on this cookie. Possibly add an option to toggle it in case anyone is using this module on an http:// site.

Remaining tasks

Create a patch.

User interface changes

Possibly a checkbox for toggling whether the cookie is secure or not.

Feature request
Status

Needs review

Version

2.0

Component

Code

Created by

🇨🇦Canada dylan donkersgoed London, Ontario
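
The check a scanner applies to this cookie, as an added example that is not part of the original issue or the module's code: it flags "Drupal.visitor.autologout" when Secure is missing on an HTTPS response, and also the opposite case behind the proposed toggle, since browsers do not store a Secure cookie set over plain http://. The header values and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.
AUTOLOGOUT_COOKIE = "Drupal.visitor.autologout"  # cookie name from the issue

# Constructed sample headers (not captured from a real site).
SAMPLE_SET_COOKIE = [
    "SSESSconstructed=abc; path=/; HttpOnly; Secure; SameSite=Lax",
    "Drupal.visitor.autologout=1; expires=Thu, 07-Sep-2023 12:00:00 GMT; "
    "Max-Age=31536000; path=/",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_response(url_scheme, set_cookie_values, watch=(AUTOLOGOUT_COOKIE,)):
    """Return (cookie_name, finding) pairs for the watched cookies."""
    findings = []
    for raw in set_cookie_values:
        name, _, attrs = parse_set_cookie(raw)
        if name not in watch:
            continue
        has_secure = "secure" in attrs
        if url_scheme == "https" and not has_secure:
            findings.append((name, "missing Secure on an HTTPS response"))
        elif url_scheme == "http" and has_secure:
            findings.append((name, "Secure set on plain HTTP; browsers will not store it"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_response("https", SAMPLE_SET_COOKIE):
        print(f"{name}: {finding}")
```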
