In Openshift Origin 3 the cookies being set in console have no secure, HttpOnly attributes.
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Origin | Openshift | 3.0.0 (including) | 3.0.0 (including) |