Hi

If this is the case, it looks like the perfect solution to the problem. And I think it should be strict too.

// Ola

On Fri, 13 Mar 2020 at 10:50, Emilio Pozuelo Monfort <[email protected]> wrote:

> On 12/03/2020 22:02, Brian May wrote:
> > Ola Lundqvist <[email protected]> writes:
> >
> >> I have ideas on how we can reduce the attack possibilities but I cannot
> >> find any perfect solution to this.
> >
> > What about setting samesite=Lax in the session Cookie?
>
> Wouldn't you need Strict rather than Lax? Otherwise if basite.com sends a POST
> request to your phppgadmin instance, the cookie will be sent and you won't have
> fixed anything.
>
> Cheers,
> Emilio
>

--
 --- Inguza Technology AB --- MSc in Information Technology ----
|  [email protected]                    [email protected]  |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
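The SameSite values discussed in this thread, as an added example that is not part of any message above: a simplified JavaScript model of the cookie-attachment rules in the IETF cookie draft (RFC 6265bis). The hostnames, request names and function names are constructed for illustration, and sites are assumed to be pre-computed plain strings rather than derived from the public suffix list.

```javascript
// Added example: simplified model of the SameSite check a browser applies
// before attaching a cookie to a request (after draft RFC 6265bis).
// Assumption: "site" values are already computed and compared as strings.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function cookieIsSent(sameSite, req) {
  // Same-site requests always carry the cookie, whatever the attribute says.
  if (req.initiatorSite === req.targetSite) return true;
  switch (sameSite) {
    case "Strict":
      return false; // never attached to a cross-site request
    case "Lax":
      // only top-level navigations that use a safe method
      return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
    case "None":
      return true; // attached to every cross-site request
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed sample requests against a hypothetical admin-panel host.
const TARGET = "https://pgadmin.example";
const OTHER = "https://other.example";
const REQUESTS = {
  sameSitePost:      { initiatorSite: TARGET, targetSite: TARGET, method: "POST", topLevelNavigation: true },
  crossSiteFormPost: { initiatorSite: OTHER,  targetSite: TARGET, method: "POST", topLevelNavigation: true },
  crossSiteLinkGet:  { initiatorSite: OTHER,  targetSite: TARGET, method: "GET",  topLevelNavigation: true },
  crossSiteImgGet:   { initiatorSite: OTHER,  targetSite: TARGET, method: "GET",  topLevelNavigation: false },
};

// Build a policy x request table of "is the session cookie attached?".
function decisionTable() {
  const table = {};
  for (const policy of ["None", "Lax", "Strict"]) {
    table[policy] = {};
    for (const [name, req] of Object.entries(REQUESTS)) {
      table[policy][name] = cookieIsSent(policy, req);
    }
  }
  return table;
}

console.table(decisionTable());
```

In this model Lax and Strict differ only on the cross-site top-level GET row, so a handler that changes state on GET stays reachable under Lax and needs Strict or a CSRF token.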
