framework.session.cookie_secure does not default to 'auto' #31376

Closed
junowilderness opened this issue May 3, 2019 · 5 comments
@junowilderness
Contributor

junowilderness commented May 3, 2019

Symfony version(s) affected: 4.2.7

Description
framework.session.cookie_secure option, when unset, does not default to 'auto'.

How to reproduce

  1. Do not set framework.session.cookie_secure option.
  2. Start a session on an app that is on https.
  3. Observe the resulting cookie. The secure option is not set.
  4. Set framework.session.cookie_secure option to 'auto'.
  5. Start a session on an app that is on https.
  6. Observe the resulting cookie. The secure option is set.

The documentation reads that cookie_secure defaults to 'auto' but in the testing I have done, cookies are secure only if cookie_secure is set to 'auto'.

Possible Solution

Additional context

@nicolas-grekas
Member

It's set to "auto" by default in the recipe: symfony/recipes#452
Changing the default in the code would be a BC break we cannot do without a painful upgrade path.
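
Added example, not part of the original thread and not Symfony's code: a Python check for the "observe the resulting cookie" steps in the report above, listing session cookies in an HTTPS response that lack the Secure attribute. The cookie name `PHPSESSID` is an assumption (PHP's default session name) and the two header values are constructed samples for the unset and 'auto' cases.

```python
"""Check Set-Cookie headers from an HTTPS response for a missing Secure flag."""

SESSION_COOKIE = "PHPSESSID"  # assumption: PHP's default session cookie name


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265), so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def insecure_session_cookies(set_cookie_headers, cookie_name=SESSION_COOKIE):
    """Return the Set-Cookie values for cookie_name that lack Secure."""
    findings = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        # Match the attribute token itself; a substring test would be fooled
        # by a cookie value that happens to contain the word "secure".
        if name == cookie_name and "secure" not in attrs:
            findings.append(header)
    return findings


# Constructed samples: Set-Cookie values as an app served over https might send them.
UNSET_OPTION = ["PHPSESSID=secure0a1b2c; path=/; HttpOnly; SameSite=lax"]
AUTO_OPTION = ["PHPSESSID=0a1b2c3d; path=/; Secure; HttpOnly; SameSite=lax"]

if __name__ == "__main__":
    for label, headers in (("cookie_secure unset", UNSET_OPTION),
                           ("cookie_secure: auto", AUTO_OPTION)):
        missing = insecure_session_cookies(headers)
        print(f"{label}: {'MISSING Secure' if missing else 'Secure set'}")
```
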

@junowilderness
Contributor Author

junowilderness commented May 5, 2019

I see. Perhaps a documentation update would sort it out.

@nicolas-grekas
Member

Sure, would you mind opening a doc issue, or better: a PR?

@junowilderness
Contributor Author

I’m on it.

@nicolas-grekas
Member

Thanks, closing here then.

javiereguiluz added a commit to javiereguiluz/symfony-docs that referenced this issue May 6, 2019
…cilefen)

This PR was merged into the 4.2 branch.

Discussion
----------

Indicate that cookie_secure is false by default

Closes symfony/symfony#31376

Commits
-------

b859228 Indicate that cookie_secure is false by default