mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't enable secure cookies when they won't work (#9971)

Browse Source 
* Ignore session.cookie_secure errors
They happen if the session is already started.

* Don't allow secure cookies to be enabled when not accessing via https

* Completely remove the setting
This commit is contained in:
Tony Murray
2019-03-17 16:25:59 -05:00
committed by GitHub
parent cd1015992c
commit 1cfe4ea5fd
3 changed files with 0 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
doc/General/Security.md
View File

@@ -13,9 +13,6 @@ a firewall or VPN.
It is also highly recommended that the Web interface is protected with an SSL certificate such as ones
provided by [LetsEncrypt](http://www.letsencrypt.org).
When using HTTPS, it is recommended that you use secure, encrypted cookies to prevent session
hijacking attacks. Set ``$config['secure_cookies'] = true;`` in ``config.php`` to enable these.
Please ensure you keep your install [up to date](Updating.md).
### Reporting vulnerabilities