MyBB Community Forums
[Pushed] Restrict ACP session-related cookie path to admin directory - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Development (https://community.mybb.com/forum-161.html)
+--- Forum: MyBB 1.8 Development (https://community.mybb.com/forum-165.html)
+---- Forum: 1.8 Bugs and Issues (https://community.mybb.com/forum-157.html)
+----- Forum: Pushed (https://community.mybb.com/forum-183.html)
+----- Thread: [Pushed] Restrict ACP session-related cookie path to admin directory (/thread-162999.html)



Restrict ACP session-related cookie path to admin directory - Devilshakerz - 2014-11-18

As the ACP security bug hunt is on, the path of the cookies related to the ACP session should be set only to the admin directory, so they are not accessible on other parts of the forum.


RE: Restrict ACP session-related cookie path to admin directory - Euan T - 2014-11-18

Definitely agreed.


RE: Restrict ACP session-related cookie path to admin directory - Eldenroot - 2014-11-18

Agree - it should be in a pack of security improvements for 1.8.3


RE: Restrict ACP session-related cookie path to admin directory - dragonexpert - 2014-11-18

+1 from me.


RE: Restrict ACP session-related cookie path to admin directory - Diogo Parrinha - 2014-11-22

Thank you, I'll create a GH issue for 1.8.4


RE: Restrict ACP session-related cookie path to admin directory - Ben - 2014-11-22

(2014-11-22, 09:06 PM)Pirata Nervo Wrote: Thank you, I'll create a GH issue for 1.8.4

Thank you for this.