Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-19503

Broken settings in site.ini: CookieSecure and CookieHttpolny

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • None
    • 4.4.0, 4.5.0, 4.7.0-dev, 4.6.0
    • Users and Access control
    • None

    Description

      The settings are described as:

      1. If <true> cookie will only be sent over secure connections.
      2. - PHP setting: session.cookie_secure
        #CookieSecure=false|true
      3. Tells browser to not allow scripts to access cookie, only supported on php 5.2+
      4. - PHP setting: session.cookie_httponly
        #CookieHttponly=false|true

      but they do not work. if the settings have a value other than 0 or empty, they are always treated as true. even using the description and defining Setting=false, will give a behavior of true.

      Steps to reproduce

      set any of those settings to any string you like. they will all be treated as true.

      put the setting to false, it will not work.

      Attachments

        Activity

          People

            pbr@ez.no pbr@ez.no
            pbr@ez.no pbr@ez.no
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: