Documentation for #2281
parent a4b80b1a37
commit 21e6cbb2c4
|
@ -29,13 +29,17 @@ To edit SSO cookie parameters, go in Manager, ``General Parameters`` >
|
||||||
only one session is created in session database
|
only one session is created in session database
|
||||||
|
|
||||||
- **Javascript protection**: set httpOnly flag, to prevent cookie from
|
- **Javascript protection**: set httpOnly flag, to prevent cookie from
|
||||||
being caught by javascript code
|
being leaked by malicious javascript code
|
||||||
- **Cookie expiration time**: by default, SSO cookie is a session
|
- **Cookie expiration time**: by default, SSO cookie is a session
|
||||||
cookie, which means it will be destroyed when browser is closed. You
|
cookie, which means it will be destroyed when browser is closed. You
|
||||||
can change this behavior by setting a cookie expiration time. It must
|
can change this behavior by setting a cookie expiration time. It must
|
||||||
be an integer. **Cookie Expiration Time** value is a number of
|
be an integer. **Cookie Expiration Time** value is a number of
|
||||||
seconds until the cookie expires. Set a zero value to disable
|
seconds until the cookie expires. Set a zero value to disable
|
||||||
expiration time and use a session cookie.
|
expiration time and use a session cookie.
|
||||||
|
- **Cookie SameSite value**: the value of the SameSite cookie attribute. By
|
||||||
|
default, LemonLDAP::NG will set it to "Lax" in most cases, and "None" if you
|
||||||
|
use SAML. Using "None" requres Secured Cookies, and accessing applications
|
||||||
|
over HTTPS on most web browsers.
|
||||||
|
|
||||||
|
|
||||||
.. danger::
|
.. danger::
|
||||||
|
|
|
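Review bot: in the added **Cookie SameSite value** entry, "requres" should be "requires", and the closing sentence is ambiguous: as written, "on most web browsers" can be read as qualifying only the HTTPS part or the whole requirement. Suggest something like: Using "None" requires Secured Cookies, and on most web browsers applications must be accessed over HTTPS. The entry also names only "Lax" and "None"; if the parameter accepts other values, list them here, and say which setting in the Manager selects the automatic default described in the second sentence, so an administrator can tell an explicit "Lax" from the default behaviour.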
@ -33,6 +33,9 @@ backups and a rollback plan ready!
|
||||||
need to manually change your existing
|
need to manually change your existing
|
||||||
``localSessionStorageOptions/cache_root`` parameter from ``/tmp`` to
|
``localSessionStorageOptions/cache_root`` parameter from ``/tmp`` to
|
||||||
``/var/cache/lemonldap-ng``.
|
``/var/cache/lemonldap-ng``.
|
||||||
|
- This release fixes several issues when using ``SameSite=None``. The new
|
||||||
|
default value of the SameSite configuration parameter will set SameSite to
|
||||||
|
``Lax`` unless you are using SAML, which requires ``None``
|
||||||
|
|
||||||
2.0.8
|
2.0.8
|
||||||
-----
|
-----
|
||||||
|
|
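Review bot: the added upgrade bullet ends without a full stop after ``None``, and unlike the ``cache_root`` bullet just above it, it does not say whether the administrator has to act. Since the bullet announces a new default for the SameSite parameter, it should state who is affected by the switch to ``Lax`` (for example, deployments that are not using SAML but still depend on the cookie being sent cross-site) and what they need to set to keep the previous behaviour. A cross-reference to the SSO cookie parameters page, where this commit documents **Cookie SameSite value**, would also help.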