Incident report
Resolution: Fixed
Trivial
Sprint 11, Sprint 12, Sprint 13, Sprint 14, Sprint 15, Sprint 16, Sprint 17, Sprint 18, Sprint 19, Sprint 20, Sprint 21
Customer wrote:
We are a customer of Zabbix and during a recent test of our network we noticed that the Zabbix application is setting users' session cookies (PHPSESSID and zbx_sessionid) without the 'Http-only' attribute. Setting the Http-Only attribute helps protect the session cookies from being accessed and compromised via Cross-Site Scripting and JavaScript attacks. I was not able to find any configurations to make such a change in Zabbix. Do you have any recommendations for me? Or is there a plan to include this configuration?