
make cookie a bit more secure - fixes #445

Merged dakkar requested to merge feature/445-more-secure-cookie into develop

What does this PR do?

We can't make the cookie HttpOnly because we're setting it from JavaScript, but I'm not sure it's worth the trouble to redesign that: JSON.parse(localStorage.account).token gives you the token anyway; hiding the cookie from JS won't offer much protection.

At least we can mark it Secure (meaning, only send it over HTTPS) and delete it on logout (it wasn't!).

Contribution Guidelines

By submitting this merge request, you agree to follow our Contribution Guidelines

  • I agree to follow this project's Contribution Guidelines
  • I have made sure to test this pull request
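
The two changes described above (mark the script-set cookie Secure, expire it on logout), as an added example that is not code from this merge request. The cookie name `token`, the `Path=/` and `Max-Age` attributes and every function name are assumptions made for illustration.

```javascript
// Added example. COOKIE_NAME and all function names are hypothetical.
const COOKIE_NAME = "token";

// String assigned to document.cookie after login.
function loginCookie(token, maxAgeSeconds) {
  return `${COOKIE_NAME}=${encodeURIComponent(token)}; Path=/; Max-Age=${maxAgeSeconds}; Secure`;
}

// String assigned to document.cookie on logout: same name and Path, zero lifetime.
function logoutCookie() {
  return `${COOKIE_NAME}=; Path=/; Max-Age=0; Secure`;
}

// Split a cookie string into its name, value and lower-cased attribute map.
function parseCookie(cookie) {
  const [pair, ...rest] = cookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Findings for a cookie string that client-side script is about to set.
function audit(cookie) {
  const { attrs } = parseCookie(cookie);
  const findings = [];
  if (!attrs.secure) findings.push("no Secure: also sent over plain HTTP");
  // RFC 6265 section 5.3: a cookie from a non-HTTP API with HttpOnly set is ignored.
  if (attrs.httponly) findings.push("HttpOnly from script: browser ignores the cookie");
  return findings;
}

// True when `logout` would remove the cookie created by `login`.
// A missing Path or Domain is compared as "" (simplification of the browser default).
function clears(login, logout) {
  const a = parseCookie(login), b = parseCookie(logout);
  const expired = b.attrs["max-age"] !== undefined && Number(b.attrs["max-age"]) <= 0;
  return a.name === b.name && (a.attrs.path || "") === (b.attrs.path || "") &&
    (a.attrs.domain || "") === (b.attrs.domain || "") && expired;
}
```

A logout string whose name, Path or Domain differs from the login string leaves the original cookie in place, which is the kind of leftover `clears` is meant to catch.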
