help desk
You have to modify conf file wuth the following:
variable { "cookie_extranet_secure" : true, "cookie_extranet_httponly" : true, "cookie_sednove_secure" : true, "cookie_sednove_httponly" : true, }
The Secure and HttpOnly cookie attributes both help prevent the leaking of sensitive information. The sed_login module, starting at version 2.7, can apply those attributes to the session cookies of Extenso.
The Secure
attribute instructs the browser to send the cookie over HTTPS only. Setting this attribute for a given cookie will prevent its being sent to pages served in HTTP.
The HttpOnly
attribute makes the cookie invisible to JavaScript in document.cookie
. It helps prevent stealing the session cookie via cross-site scripting (XSS). Set this attribute for a given cookie when the site's JavaScript code has no need to access its value.
To set those two attributes for the session cookies of Extenso, add the following lines to the website's conf
file:
variable { "cookie_extranet_secure" : falas, "cookie_extranet_httponly" : true, "cookie_sednove_secure" : true, "cookie_sednove_httponly" : true, }
cookie_extranet
refers to the sednoveV6
cookie that is set at login;
cookie_sednove
refers to the sednove
cookie that is set at the first request from a given user.
Here is how to set those four variables' values:
cookie extranet_secure
On the vast majority of websites, the secure section (the pages that require the user to log in) will be accessible in HTTPS only. In that case, set cookie_extranet_secure
to true
. For a website that does not support HTTPS, leave it to false
.
cookie_extranet_httponly
Verify if the website's JavaScript code uses the sednoveV6
cookie. If it does, leave cookie_extranet_httponly
to false
. Otherwise, set it to true
.
cookie_sednove_secure
Make a request to the website's root page in HTTP. If it is automatically redirected to HTTPS, it means that the while site is accessible in HTTPS only. If it is the case, then set
cookie_sednove_secure
to true
.
cookie_sednove_httponly
Verify if the website's JavaScript code uses the sednove
cookie. If it does, leave cookie_sednove_httponly
to false
. Otherwise, set it to true
.
After the variables have been set in the website's conf
file, restart Apache for the changes to take effect.
Répondu le : 2022-01-14 13:44:00