6.0.0-beta6
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
4/10/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#6910] Horde still sends cookies when not using cookies for sessions
*
Your Email Address
*
Spam protection
Enter the letters below:
.___.__..___..__.. . [__ | | | | ||\/| | |__| | |__\| |
Comment
> I'm not sure why this is an issue, let alone high priority? The point > is that it should still work with cookies turned off and that seems > to be the case. There are more places we set cookies unconditionally, > actually anywhere where we set them through javascript instead of PHP. > > Regarding Secret, IIRC off my head we try to establish a shared > secret for the browser session. A cookie with some random token is > considered the most secure, if that fails we build a token from the > browser connection (IP, user agent?). We could probably check the > configuration if cookies are turned off completely, instead of trying > to send the cookie and verifying whether we get it back. But I still > don't see why this is an issue.
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers