View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000563 | WackoWiki | authentication | public | 2024-02-16 07:25 | 2024-02-16 07:29 |
Field | Value |
---|---|
Reporter | administrator |
Assigned To | administrator |
Priority | normal |
Severity | minor |
Reproducibility | always |
Status | resolved |
Resolution | fixed |
Product Version | 6.1.x |
Target Version | 6.1.x |
Fixed in Version | 6.1.x |
Summary | 0000563: Change $cf_cookie_samesite default to 'Lax' |
Description | The original value was 'Strict' for security purposes, the intention being to provide the strongest possible protection against CSRF attacks. Unfortunately, this actually prevents the user's session cookie from being recognized when clicking a link from a notification email, causing MantisBT to open an anonymous session even when the user is logged in. Changing the default value to 'Lax' fixes the issue. |
Additional Information | https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite |
Tags | No tags attached. |

Relationship | Issue | Status | Summary |
---|---|---|---|
related to | 0000562 | confirmed | page call not detecting authenticated session |
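The description above hinges on how a browser decides whether to attach a session cookie with a given SameSite value. The following is an added illustration written for this issue, not WackoWiki or MantisBT code: it models the Strict/Lax/None rules from the MDN page linked under Additional Information and runs them over constructed scenarios (the hosts wiki.example.org, mail.example.net and third-party.example are assumptions, and the site computation is a simplified last-two-labels version of eTLD+1 rather than a Public Suffix List lookup). It shows why a Strict cookie is withheld on the notification-email link while a Lax cookie is sent, and that Lax still withholds the cookie on a cross-site form POST or a cross-site fetch, which is the CSRF protection the original default was meant to keep.

```python
"""Decision model of the browser's SameSite cookie rules (added example, not
project code). Hostnames and scenarios are constructed for illustration.

  Strict: cookie sent only on same-site requests.
  Lax:    also sent on cross-site top-level navigations that use a safe method.
  None:   always sent (the cookie must also carry the Secure attribute).
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Methods that Lax allows on a cross-site top-level navigation.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass(frozen=True)
class Request:
    method: str
    url: str                  # destination of the request
    initiator: Optional[str]  # URL of the page that caused it; None = started outside any web page (e.g. a desktop mail client)
    top_level: bool           # True for a navigation that replaces the tab, False for fetch/XHR/img/iframe loads


def site_of(url: str) -> str:
    """Simplified eTLD+1: the last two host labels. Real browsers consult the Public Suffix List."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def is_same_site(req: Request) -> bool:
    """A request with no web-page initiator is treated as cross-site, matching the email-link behaviour in the issue."""
    return req.initiator is not None and site_of(req.initiator) == site_of(req.url)


def cookie_sent(samesite: str, req: Request) -> bool:
    """Return True if a cookie with the given SameSite value is attached to req."""
    mode = samesite.capitalize()  # accept 'lax', 'LAX', ...
    if mode == "None":
        return True               # SameSite=None: always sent
    if is_same_site(req):
        return True               # same-site requests always carry the cookie
    if mode == "Strict":
        return False              # never on a cross-site request
    if mode == "Lax":
        return req.top_level and req.method.upper() in SAFE_METHODS
    raise ValueError(f"unknown SameSite value: {samesite!r}")


WIKI = "https://wiki.example.org/"  # constructed wiki host

# Constructed scenarios: name -> request
SCENARIOS = {
    # 1. The issue: user clicks the link in a notification e-mail shown by webmail.
    "email link (webmail)": Request("GET", WIKI + "ChangedPage", "https://mail.example.net/inbox", top_level=True),
    # 2. Same link opened from a desktop mail client (no web initiator at all).
    "email link (desktop client)": Request("GET", WIKI + "ChangedPage", None, top_level=True),
    # 3. Ordinary navigation inside the wiki.
    "in-wiki link": Request("GET", WIKI + "OtherPage", WIKI + "ChangedPage", top_level=True),
    # 4. Cross-site form submission, the request pattern CSRF protection must block.
    "cross-site form POST": Request("POST", WIKI + "admin/DeletePage", "https://third-party.example/", top_level=True),
    # 5. Cross-site subresource or fetch, not a navigation.
    "cross-site fetch": Request("GET", WIKI + "api/page", "https://third-party.example/", top_level=False),
}


def compare(samesite_values=("Strict", "Lax")) -> dict:
    """Map each scenario to {SameSite value: cookie sent?} for a side-by-side view."""
    return {name: {v: cookie_sent(v, req) for v in samesite_values}
            for name, req in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        cells = "  ".join(f"{v}={'sent' if s else 'withheld'}" for v, s in result.items())
        print(f"{name:28s} {cells}")
```

Running the block prints one line per scenario; the two email-link rows are the only ones where Strict and Lax differ, which is exactly the trade-off the issue resolves. When checking a real deployment, the same three inputs (same-site or not, top-level navigation or not, safe method or not) are what to look at in the browser's request headers before concluding the session cookie was dropped.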
Date Modified | Username | Field | Change |
---|---|---|---|
2024-02-16 07:25 | administrator | New Issue | |
2024-02-16 07:25 | administrator | Status | new => assigned |
2024-02-16 07:25 | administrator | Assigned To | => administrator |
2024-02-16 07:26 | administrator | Relationship added | related to 0000562 |
2024-02-16 07:29 | administrator | Status | assigned => resolved |
2024-02-16 07:29 | administrator | Resolution | open => fixed |
2024-02-16 07:29 | administrator | Fixed in Version | => 6.1.x |
2024-02-16 07:29 | administrator | Note Added: 0001102 | |