Werk #2392: Auth cookie is always using 'httponly' flag

TitelAuth cookie is always using "httponly" flag
Datum2015-06-30 13:44:27
Check_MK EditionCheck_MK Raw Edition (CRE)
Check_MK Version1.2.7i3
LevelTrivial Change
KlasseSecurity Fix
KompatibilitätKompatibel - benötigt kein manuelles Eingreifen

All newly issued authentication cookies have the flag "httponly" set now. This makes the cookie values inaccessible from scripts executed in the browser, e.g. from Javascript. This secures the cookie against some sorts of cookie stealing attempts.

See https://www.owasp.org/index.php/HttpOnly for details.