On 12/03/2020 22:02, Brian May wrote:
> Ola Lundqvist <o...@inguza.com> writes:
>
>> I have ideas on how we can reduce the attack possibilities but I cannot
>> find any perfect solution to this.
>
> What about setting samesite=Lax in the session Cookie?

Wouldn't you need Strict rather than Lax? Otherwise if basite.com sends a POST request to your phppgadmin instance, the cookie will be sent and you won't have fixed anything.

Cheers,
Emilio
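
A model of the SameSite attachment rule from the cookie specification draft (RFC 6265bis), evaluated for the cross-site POST case raised in this thread and a few neighbouring cases. This is an added example, not part of the original messages or of phppgadmin; it covers a cookie whose SameSite attribute is set explicitly, and the host names and the pre-computed "site" strings are assumptions.

```javascript
// Model of the SameSite attachment rule (RFC 6265bis draft) for a cookie
// whose SameSite attribute is set explicitly. Constructed example.

// "Safe" HTTP methods as defined by RFC 7231.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Assumption: a "site" is scheme + registrable domain, already computed by the
// caller. A real browser derives it using the Public Suffix List.
function isSameSite(initiatorSite, targetSite) {
  return initiatorSite === targetSite;
}

// request: { initiatorSite, targetSite, method, topLevelNavigation }
// sameSite: "Strict" | "Lax" | "None" (attribute as set on the cookie)
function cookieIsSent(sameSite, request) {
  if (isSameSite(request.initiatorSite, request.targetSite)) return true;
  switch (sameSite) {
    case "None":
      return true; // sent cross-site (browsers also require Secure)
    case "Lax":
      // Cross-site: only top-level navigations that use a safe method.
      return request.topLevelNavigation &&
        SAFE_METHODS.has(request.method.toUpperCase());
    case "Strict":
      return false; // never sent on cross-site requests
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed requests aimed at a hypothetical phppgadmin host, admin.example.
const target = "https://admin.example";
const other = "https://other.example";
const scenarios = {
  crossSiteFormPost: { initiatorSite: other, targetSite: target, method: "POST", topLevelNavigation: true },
  crossSiteLinkClick: { initiatorSite: other, targetSite: target, method: "GET", topLevelNavigation: true },
  crossSiteImgGet: { initiatorSite: other, targetSite: target, method: "GET", topLevelNavigation: false },
  sameSiteFormPost: { initiatorSite: target, targetSite: target, method: "POST", topLevelNavigation: true },
};

// Build { mode: { scenario: sent? } } for all three attribute values.
function decisionTable() {
  const table = {};
  for (const mode of ["Strict", "Lax", "None"]) {
    table[mode] = {};
    for (const [name, req] of Object.entries(scenarios)) {
      table[mode][name] = cookieIsSent(mode, req);
    }
  }
  return table;
}

console.table(decisionTable());
```

Browsers that do not implement SameSite ignore the attribute and send the cookie on every request, so this rule only holds for clients that support it.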