This policy states that any area of the website or web application that
contains sensitive information or access to privileged functionality such as remote site
administration requires that all cookies are sent via SSL during an SSL session.
The URL: https://xxxxx/seminar/auth/saml/index.php has failed this policy.
If a cookie is marked with the "secure" attribute,
it will only be transmitted if the communications channel with the host is a secure one.
Currently this means that secure cookies will only be sent to HTTPS (HTTP over SSL) servers.
If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.
Cookies are small bits of data that are sent by the web application but stored locally in the browser.
This lets the application use the cookie to pass information between pages and store variable information.
The web application controls what information is stored in a cookie and how it is used.
Typical types of information stored in cookies are session identifiers,
personalization and customization information, and in rare cases even usernames to enable automated logins.
There are two different types of cookies: session cookies and persistent cookies.
Session cookies only live in the browser's memory, and are not stored anywhere.
Persistent cookies, however, are stored on the browser's hard drive.
This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.
Persistent cookies are stored on the browsing client's hard drive even when
that client is no longer browsing the Web site that set the cookie.
Depending on what information is stored in the cookie, this could lead to security and privacy violations.
The Office of Management and Budget has decreed that no federal websites shall use persistent cookies except in very specific situations.
A username was found in the query string of a GET request or Set-Cookie header.
Unknown application testing seeks to uncover new vulnerabilities in both custom and commercial software.
Because of this, there are no specific patches or descriptions for this issue.
OS: Windows NT GSV001 10.0 build 14393 (Windows Server 2016) i586
Moodle version: 3.4 (Build: 20171113)
Directive                  Local Value   Master Value
session.cookie_domain      no value      no value
session.cookie_httponly    Off           Off
session.cookie_lifetime    0             0
session.cookie_path        /seminarp/    /
session.cookie_secure      On            Off
session.use_cookies        On            On
session.use_only_cookies   On            On
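
The cookie checks named in the report above (secure attribute, persistent cookies, username in a Set-Cookie header) plus the HttpOnly setting shown in the table can be verified directly against the Set-Cookie headers a site returns. The following is an added example, not part of the scan report or of Moodle; the function names, finding labels, cookie names and sample headers are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import unquote

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, attr_val = part.partition("=")
            attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def is_persistent(attrs, now):
    """True if the cookie outlives the browser session (Max-Age wins over Expires)."""
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"]) > 0  # 0 or negative deletes the cookie
        except ValueError:
            pass  # invalid Max-Age is ignored; fall through to Expires
    if "expires" in attrs:
        try:
            return parsedate_to_datetime(attrs["expires"]) > now
        except (TypeError, ValueError):
            return False  # unparseable date: treated as a session cookie
    return False

def audit_set_cookie(value, usernames=(), now=None):
    """Return (cookie name, findings) for one Set-Cookie header value."""
    now = now or datetime.now(timezone.utc)
    name, val, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing-secure")
    if "httponly" not in attrs:
        findings.append("missing-httponly")
    if is_persistent(attrs, now):
        findings.append("persistent")
    decoded = unquote(val).lower()
    if any(u and u.lower() in decoded for u in usernames):
        findings.append("username-in-value")
    return name, findings

if __name__ == "__main__":
    # Constructed sample headers, not captured from a real site.
    for header in ("SESSID=q1w2e3r4; path=/seminar/; secure",
                   "remember_user=jsmith; Max-Age=5184000; path=/"):
        print(audit_set_cookie(header, usernames=["jsmith"]))
```

Pass the test account names used during the scan as `usernames`, and feed it the raw header values collected from the login flow over HTTPS.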