mahara-contributors team mailing list archive

Thread
Date

[Bug 1508721] [NEW] Session setting should be more secure

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Son Nguyen <1508721@xxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Oct 2015 23:31:01 -0000
Reply-to: Bug 1508721 <1508721@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Private security bug reported:

Version: from 1.9
Platform: any
Browser: any

According to http://php.net/manual/en/session.security.php, we should
enable some session setting for better web security.

** Affects: mahara
     Importance: High
     Assignee: Son Nguyen (ngson2000)
         Status: In Progress

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1508721

Title:
  Session setting should be more secure

Status in Mahara:
  In Progress

Bug description:
  Version: from 1.9
  Platform: any
  Browser: any

  According to http://php.net/manual/en/session.security.php, we should
  enable some session setting for better web security.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1508721/+subscriptions

Follow ups

[Bug 1508721] Re: Session setting should be more secure
From: Robert Lyon, 2016-05-02
[Bug 1508721] Re: Session setting should be more secure
From: Aaron Wells, 2016-05-02
[Bug 1508721] Re: Session setting should be more secure
From: Kristina Hoeppner, 2016-04-29
[Bug 1508721] Re: Session setting should be more secure
From: Aaron Wells, 2016-04-28
[Bug 1508721] Re: Session setting should be more secure
From: Son Nguyen, 2015-10-21