Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
4.4.0, 4.5.0, 4.7.0-dev, 4.6.0
-
None
Description
The settings are described as:
- If <true> cookie will only be sent over secure connections.
- - PHP setting: session.cookie_secure
#CookieSecure=false|true - Tells browser to not allow scripts to access cookie, only supported on php 5.2+
- - PHP setting: session.cookie_httponly
#CookieHttponly=false|true
but they do not work. if the settings have a value other than 0 or empty, they are always treated as true. even using the description and defining Setting=false, will give a behavior of true.
Steps to reproduce
set any of those settings to any string you like. they will all be treated as true.
put the setting to false, it will not work.
Attachments
Issue Links
- is cloned by
-
EZP-21173 Broken settings in site.ini: CookieSecure and CookieHttpolny
- Closed