I may have read this too fast... our issue was actually twofold - the Secure-only flag should be something in the admin to check. At least that is the case in Adobe CF... I haven't looked in the OpenBD admin because, as you see from my other answer, we set our own cookies and it's easy to set the flag there.
BUT - you still may need something like our solution because they (security scanners) get upset because one of the cookie values is a serial one up generation. Which they say the next session number could be guessed and hijacked. It's a false positive though because CF/OpenBD use both cookies together and the other is not one up generated. Which is why we used the code to combine them into one encrypted cookie value.
