Dnn.Platform icon indicating copy to clipboard operation
Dnn.Platform copied to clipboard
verified publisher icon dnnsoftware

[Enhancement]: Set SameSite and Secure property for authentication cookie

Open Mostafa-Moafi opened this issue 1 year ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Description of problem

  1. Defining SAMESITE to ensure that cookies are not sent to a third-party site or address. The value of this tag must be defined as "Strict".
  2. Definition of the SECURE tag to ensure that the cookie is transmitted through a secure communication path and that it cannot eavesdrop (the SECURE tag should be activated after activating the HTTPS protocol).

Description of solution

For the secure enabled, I think we should check SSL enabled in DNN and update the cookie when logging user. for set SamaSite to Stric, we should just update the authentication cookie

Description of alternatives considered

No response

Anything else?

No response

Do you be plan to contribute code for this enhancement?

  • [X] Yes

Would you be interested in sponsoring this enhancement?

  • [ ] Yes

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

Mostafa-Moafi avatar May 16 '24 17:05 Mostafa-Moafi