ComponentSpace

Forums



saml-session cookie not set secure by default


saml-session cookie not set secure by default

Author
Message
robert
robert
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 5, Visits: 22
after revving component space library to 2.1 the distributed SSO session store cookie ("saml-session") is being set HttpOnly, but not secure by default.  documentation suggests this is unexpected behaviour and am seeking potential solutions to send this cookie securely.


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Robert
In later releases the cookie is marked as secure and HTTP only by default.
Please contact us to see if you qualify for a free upgrade.

Regards
ComponentSpace Development
robert
robert
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 5, Visits: 22
ComponentSpace - 2/19/2019
Hi Robert
In later releases the cookie is marked as secure and HTTP only by default.
Please contact us to see if you qualify for a free upgrade.

Many thanks for your reply - what release was this change made? - as per documentation (https://www.componentspace.com/Documentation/SAMLv20-Core/ComponentSpace%20SAML%20v2.0%20Developer%20Guide.pdf pg 26) this should be marked secure by default in the current version in use.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
This change was made in v2.2.0.
You'll find the release notes at:
https://www.componentspace.com/Forums/8402/Release-Notes



Regards
ComponentSpace Development
robert
robert
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 5, Visits: 22
ComponentSpace - 2/20/2019
This change was made in v2.2.0.
You'll find the release notes at:
https://www.componentspace.com/Forums/8402/Release-Notes


Many thanks for your help
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search