Blog posts tagged with “cookie”

Away with external scripts and a strong CSP

Written by Erwin A.W. Maas

Results security scan

I have been busy with a strong Content Security Policy for the last couple of months and experienced all kinds of issues with 3rd-party scripts like analytics tools and a consent-manager script that I needed because of these analytics tools.

To keep everything running fine I had to add several things to the CSP that I didn't like, for example 'unsafe-inline' and 'unsafe-eval'.
Next to that, one item of the cookie-consent script just did not load, and there was nothing to do about it until the script provider themselves make changes to it so that I can hash or nonce it.

So what did I do?

…more

Decision: the Social Media stays

Written by Erwin A.W. Maas

I have been studying the login part (you have to log in anew after 24 minutes of not being on the site) and I have come to the conclusion that prolonging the login session will bring critical security issues with it: 24 minutes is the default session time and there are good reasons for that.
This means that installing another Social Media application that does keep users logged in for days, for example, is less secure than the application that we use now, so changing applications is not an option either.

So: we will stick to this one!

Social network Issues

Written by Erwin A.W. Maas

There are some issues with the Social Network; most of them are minor issues, but one is not acceptable:
- When a logged-in user leaves the site, the session cookie will expire in 24 minutes. After that a person has to log in again.

Busy working on it, but if this can't be fixed I am seriously considering installing a completely different social-media script that does keep the users logged in for a longer period of time.