It is observed that the cookie Path attribute is not set properly in Jenkins:

Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Path=/;...Max-Age=0; Secure; HttpOnly
Problem Description:

Domain: Verify that the domain has not been set too loosely. It should only be set for the server that needs to receive the cookie. For example: if the application resides on the server app.mysite.com, then it should be set to ; domain=app.mysite.com and not to ; domain=.mysite.com, as this would allow other potentially vulnerable servers to receive the cookie.

Path: Verify that the Path attribute has not been set too loosely. Even if the Domain attribute has been configured securely, if the path is set to the root directory / then it can be vulnerable to less secure applications on the same server. For example: if the application resides at /myapp/, then verify that the cookie's path is set to ; path=/myapp/ and not to ; path=/.

Can you please suggest?
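The Domain and Path rules quoted above can be turned into an automated audit over captured Set-Cookie headers. The checker below is an added example, not code from the original post or from Jenkins: it parses each header, then flags a Domain broader than the exact host, a Path broader than the application's own mount path, and a missing Secure or HttpOnly flag (the two attributes the header above does carry). The host ci.example.com, the application path /jenkins/ and the sample headers are constructed for the example.

```python
"""Audit Set-Cookie headers for loosely scoped Domain/Path attributes.

Added example; not from the original post or from Jenkins. Sample headers,
host and application path below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Cookie:
    name: str
    value: str
    # attribute name (lower-cased) -> value, or None for flag attributes
    attrs: Dict[str, Optional[str]] = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, sep, value = parts[0].partition("=")
    if not sep:
        raise ValueError(f"malformed cookie-pair: {parts[0]!r}")
    cookie = Cookie(name.strip(), value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, sep, val = attr.partition("=")
        # Secure / HttpOnly have no '=' and are stored as None
        cookie.attrs[key.strip().lower()] = val.strip() if sep else None
    return cookie


def _norm(path: str) -> str:
    """Normalise a cookie/application path: '/jenkins/' -> '/jenkins', '/' -> '/'."""
    return "/" + path.strip("/")


def audit_cookie(cookie: Cookie, expected_host: str, app_path: str) -> List[str]:
    """Return findings for one cookie, given the host and path the app lives at.

    Rules follow the post: Domain should name the exact host (a leading-dot
    parent domain hands the cookie to every sibling host); Path should be the
    application's own path, not a parent such as '/', unless the app itself
    is mounted at '/'.
    """
    findings: List[str] = []

    domain = cookie.attrs.get("domain")
    if domain is not None and domain.lstrip(".").lower() != expected_host.lower():
        findings.append(f"{cookie.name}: Domain={domain} is broader than host {expected_host}")

    # An absent or empty Path is treated as '/' here (conservative for an audit).
    path = cookie.attrs.get("path") or "/"
    cookie_p, app_p = _norm(path), _norm(app_path)
    # Too loose when the cookie path is a proper parent directory of the app path.
    if cookie_p != app_p and (cookie_p == "/" or app_p.startswith(cookie_p + "/")):
        findings.append(f"{cookie.name}: Path={path} is broader than application path {app_path}")

    for flag in ("secure", "httponly"):
        if flag not in cookie.attrs:
            findings.append(f"{cookie.name}: missing {flag} attribute")
    return findings


def audit_headers(headers: List[str], expected_host: str, app_path: str) -> Dict[str, List[str]]:
    """Audit several Set-Cookie header values; returns {cookie name: findings}."""
    return {
        c.name: audit_cookie(c, expected_host, app_path)
        for c in (parse_set_cookie(h) for h in headers)
    }


if __name__ == "__main__":
    # Constructed headers modelled on the one in the post (assumed app at /jenkins/).
    sample = [
        "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Path=/; Max-Age=0; Secure; HttpOnly",
        "JSESSIONID=abc123; Domain=.example.com; Path=/jenkins/; Secure; HttpOnly",
        "JSESSIONID=abc123; Path=/jenkins/; Secure; HttpOnly",
    ]
    for name, findings in audit_headers(sample, "ci.example.com", "/jenkins/").items():
        print(name, "->", findings or "OK")
```

Run it against headers copied from a real response (for example the Set-Cookie lines a browser's network panel or curl -I shows for the Jenkins login page), with the host and the path the instance is actually served under.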
