[wp-trac] [WordPress Trac] #36785: Filter for httponly cookie (was: Filter for httponly cookie.)
WordPress Trac
noreply at wordpress.org
Tue May 10 09:30:44 UTC 2016
#36785: Filter for httponly cookie
------------------------------------+------------------------------
Reporter: IAmJulianAcosta | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 4.5.2
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------------+------------------------------
Comment (by swissspidy):

Hey there,

Welcome to trac and thanks for creating this ticket!

> Sometimes it is necessary to send auth cookies without httponly

Can you tell us about specific use cases where this is '''absolutely
necessary''' and cannot be circumvented by using a separate cookie?

> I know that this could represent a security issue

It does, that's why `httponly` was added '''on purpose''' in #7677.

> I'm pretty sure that any developer modifying this is pretty sure about
> what they are doing.

Never be too sure about this, really. There will always be people that
would change this for no reason, or seem to be sure about it and forget to
deactivate it on their production site.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36785#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
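
The comment above worries that a relaxed `httponly` setting could be left active on a production site. The following is an added example, not part of the ticket or of WordPress itself: it audits captured `Set-Cookie` header values and reports WordPress auth cookies that lack the HttpOnly attribute. It assumes the default cookie names (`wordpress_`, `wordpress_sec_`, `wordpress_logged_in_` plus a 32-character hex hash); the function names and sample headers are constructed for illustration.

```python
import re

# Default WordPress auth cookie names: wordpress_<hash>, wordpress_sec_<hash>,
# wordpress_logged_in_<hash>, where <hash> is 32 hex characters (assumes the
# site has not redefined the cookie-name constants).
AUTH_COOKIE_RE = re.compile(r"^wordpress_(?:sec_|logged_in_)?[0-9a-f]{32}$")

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    first, *rest = value.split(";")
    name = first.split("=", 1)[0].strip()
    # Only the attribute names after the first ';' count, never the cookie value.
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part.strip()}
    return name, attrs

def missing_httponly(set_cookie_values):
    """Names of WordPress auth cookies sent without the HttpOnly attribute."""
    flagged = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if AUTH_COOKIE_RE.match(name) and "httponly" not in attrs:
            flagged.append(name)
    return flagged

# Constructed sample response headers (hash and cookie values are made up).
H = "0123456789abcdef0123456789abcdef"
SAMPLE = [
    f"wordpress_sec_{H}=admin%7C1463000000%7Ctok%7Cmac; path=/wp-admin; secure; HttpOnly",
    # Attribute missing; the value merely contains the word "httponly".
    f"wordpress_logged_in_{H}=httponly%7C1463000000%7Ctok%7Cmac; path=/; secure",
    # Not auth cookies, so they are ignored even without HttpOnly.
    "wordpress_test_cookie=WP+Cookie+check; path=/",
    "wp-settings-1=libraryContent%3Dbrowse; path=/",
]

if __name__ == "__main__":
    for name in missing_httponly(SAMPLE):
        print("auth cookie without HttpOnly:", name)
```

A check like this can run against a staging or production login response so that a relaxed cookie setting is caught before it ships.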