Details
-
Bug
-
Resolution: Fixed
-
Medium
-
4.7.0
-
None
-
None
Description
The settings are described as:
If <true> cookie will only be sent over secure connections.
- PHP setting: session.cookie_secure
#CookieSecure=false|true
Tells browser to not allow scripts to access cookie, only supported on php 5.2+ - PHP setting: session.cookie_httponly
#CookieHttponly=false|true
but they do not work. if the settings have a value other than 0 or empty, they are always treated as true. even using the description and defining Setting=false, will give a behavior of true.
Steps to reproduce
set any of those settings to any string you like. they will all be treated as true.
put the setting to false, it will not work.
steps to reproduce
change the settings, clear the cache, and verify that no changes are performed on session parameters through a eZDebug::writeError(session_get_cookie_params()); added to index.php (for instance)
Attachments
Issue Links
- clones
-
EZP-19503 Broken settings in site.ini: CookieSecure and CookieHttpolny
- Closed