MyBB Community Forums

MyBB Community Forums > Development > MyBB 1.8 Development > 1.8 Bugs and Issues > Pushed > Restrict ACP session-related cookie path to admin directory
Full Version: Restrict ACP session-related cookie path to admin directory
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Devilshakerz

2014-11-18, 02:54 PM
As the ACP security bug hunt is on, the path of the cookies related to the ACP session should be set only to the admin directory, so they are not accessible on other parts of the forum.

Euan T

2014-11-18, 03:38 PM
Definitely agreed.

Eldenroot

2014-11-18, 03:47 PM
Agree - it should be in a pack of security improvements for 1.8.3

dragonexpert

2014-11-18, 06:15 PM
+1 from me.

Diogo Parrinha

2014-11-22, 09:06 PM
Thank you, I'll create a GH issue for 1.8.4

Ben

2014-11-22, 09:09 PM
(2014-11-22, 09:06 PM)Pirata Nervo Wrote: [ -> ]Thank you, I'll create a GH issue for 1.8.4

Thank you for this.
MyBB Community Forums > Development > MyBB 1.8 Development > 1.8 Bugs and Issues > Pushed > Restrict ACP session-related cookie path to admin directory