Persistent Cookies Vulnerability - Confluence Server 6.13.8

Hi All,

I've been banging my head against this one for a couple days now. We are running Confluence Server behind an Apache Reverse Proxy and require Security Scans to clear our applications for operation.

I have a 'Medium' level Vulnerability 'Cookie Security: Persistent Cookie' that is being flagged against the cookies 'confluence-language' & 'confluence.browse.space.cookie'. This is caused by the Expiry/Max-Age directives in the Set-Cookie Header. I need to remove or alter these directives from the cookie to change these into Session Cookies rather than Persistent Cookies. I understand that these are not Authentication Cookies and just store language selections and most recently visited page; however, we are attempting to enforce best practices...

I have tried adding the following line to httpd.conf, however this doesn't seem to have any effect as the original Max-Age directive remains in the cookie Header:

"Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure"

Any suggestions would be much appreciated.
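
The rewrite the question asks for, modelled in Python as an added example (not part of the original post, and not Atlassian or Apache code): it removes Expires/Max-Age from the two cookies named above and checks whether the result is still persistent. The sample headers are constructed, the function names are hypothetical, and leaving Max-Age=0 deletions untouched goes beyond what the post discusses.

```python
import re

# Cookie names from the post; every other cookie is left alone.
TARGETS = {"confluence-language", "confluence.browse.space.cookie"}

# One ";Expires=..." or ";Max-Age=..." attribute. [^;]* also covers the
# comma inside an Expires date.
LIFETIME = re.compile(r";\s*(?:expires|max-age)\s*=[^;]*", re.IGNORECASE)
# Max-Age of zero or less means the server is deleting the cookie.
DELETION = re.compile(r";\s*max-age\s*=\s*(?:0+|-\d+)\s*(?:;|$)", re.IGNORECASE)


def is_persistent(set_cookie):
    """True if the header carries Expires or Max-Age (what the scan flags)."""
    return LIFETIME.search(set_cookie) is not None


def to_session_cookie(set_cookie):
    """Strip Expires/Max-Age from the targeted cookies only."""
    name = set_cookie.split("=", 1)[0].strip()
    if name not in TARGETS or DELETION.search(set_cookie):
        return set_cookie  # untargeted, or a deletion that must stay intact
    return LIFETIME.sub("", set_cookie)


def add_flags(set_cookie):
    """Append HttpOnly and Secure, skipping flags that are already present."""
    present = {a.strip().lower() for a in set_cookie.split(";")[1:]}
    for flag in ("HttpOnly", "Secure"):
        if flag.lower() not in present:
            set_cookie += "; " + flag
    return set_cookie


# Constructed Set-Cookie values (not captured from a real Confluence server).
SAMPLES = [
    "confluence-language=en_GB; Max-Age=31536000; Expires=Thu, 01-Jan-2099 00:00:00 GMT; Path=/",
    "confluence.browse.space.cookie=space-pages; Path=/; Max-Age=2592000; HttpOnly",
    "confluence-language=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/",
    "JSESSIONID=CONSTRUCTED; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        fixed = add_flags(to_session_cookie(raw))
        print(f"persistent={is_persistent(fixed)!s:5}  {fixed}")
```

Appending flags alone, as in the quoted rule, leaves `is_persistent` true; only removing the lifetime attributes changes the result.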
