[wp-trac] [WordPress Trac] #52639: Add proper Security Attributes to the Cookies set by WordPress
WordPress Trac
noreply at wordpress.org
Mon Jun 20 14:43:17 UTC 2022
#52639: Add proper Security Attributes to the Cookies set by WordPress
-------------------------------+-------------------------------
Reporter: isaumya | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses: coding-standards
-------------------------------+-------------------------------
Comment (by TimothyBlynJacobs):
> I see this as a clear security issue if the cookie with the session id
is available to JS. For instance, a cross site scripting attack can easily
steal the cookie and provide it to third parties.
The session cookie is not available to JS.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52639#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list