Problem description
I have Plone 4.3.2 (Zope 2.13.21) installed. As mentioned in the documentation (http://plone.org/documentation/kb/securing-plone), cookies should be secure and httpOnly with Zope 2.12 or higher.
But if I log in as admin (or another user that is defined at zope-root), the __ac cookie is not secure and not httpOnly. If I log in as a user created in a site, everything is fine. Is there a way to change this?
Recommended answer
First off, to set cookie settings in Plone:
- Append /manage to your Plone site URL
- Click "acl_users"
- Click "session"
- Click the "Properties" tab
Then, as for root login, it depends on where you log in.
Zope root does not implement a cookie plugin; it only logs in with basic auth. IMO, you should never have Zope root accessible without first tunneling or using a VPN to get into it.
Finally, you can disable the credentials_basic_auth plugin from your Plone site.
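To confirm the result after changing the session plugin properties, the response headers of a login can be audited for the flags on the __ac cookie. The following is an added example, not part of the original question or answer; the function names are hypothetical and the header values are constructed samples.

```python
# Added example: audit response headers for the flags on Plone's __ac cookie.
REQUIRED_FLAGS = ("secure", "httponly")

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    first, *attrs = value.split(";")
    name = first.split("=", 1)[0].strip()
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, flags

def audit_response(headers, cookie_name="__ac"):
    """headers: list of (name, value) pairs from one HTTP response.

    Returns which required flags are missing on cookie_name (None if the
    cookie was not set) and whether HTTP Basic authentication was offered,
    which is what a login at the Zope root falls back to.
    """
    result = {"cookie_set": False, "missing": None, "basic_auth": False}
    for hname, hvalue in headers:
        lname = hname.lower()
        if lname == "set-cookie":
            name, flags = parse_set_cookie(hvalue)
            if name == cookie_name:
                result["cookie_set"] = True
                result["missing"] = [f for f in REQUIRED_FLAGS if f not in flags]
        elif lname == "www-authenticate" and hvalue.strip().lower().startswith("basic"):
            result["basic_auth"] = True
    return result

# Constructed sample responses (not captured from a real site).
SITE_LOGIN = [("Set-Cookie", '__ac="Y29uc3RydWN0ZWQ="; Path=/; Secure; HttpOnly')]
WEAK_LOGIN = [("Set-Cookie", '__ac="Y29uc3RydWN0ZWQ="; Path=/')]
ROOT_CHALLENGE = [("WWW-Authenticate", 'basic realm="Zope"')]

if __name__ == "__main__":
    for label, hdrs in [("site", SITE_LOGIN), ("weak", WEAK_LOGIN),
                        ("root", ROOT_CHALLENGE)]:
        print(label, audit_response(hdrs))
```
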