You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Tom Beerbower (JIRA)" <ji...@apache.org> on 2015/05/14 14:55:59 UTC
[jira] [Created] (AMBARI-11129) Set HttpOnly and Secure flags for
Ambari session cookies
Tom Beerbower created AMBARI-11129:
--------------------------------------
Summary: Set HttpOnly and Secure flags for Ambari session cookies
Key: AMBARI-11129
URL: https://issues.apache.org/jira/browse/AMBARI-11129
Project: Ambari
Issue Type: Task
Reporter: Tom Beerbower
Assignee: Tom Beerbower
Fix For: 2.1.0
Ambari should set the following flags for session cookies.
1) https://www.owasp.org/index.php/HttpOnly
2) https://www.owasp.org/index.php/SecureFlag
#2 only needs to be set when people configure for Ambari HTTPS
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)