Check 92/126: Horizon uses a separate sub-domain with its own set of cookies to protect against session hijacking. Failed

While Horizon uses a separate domain, your application session cookies are still shared with Horizon. This exposes your application to session hijacking, where if either your main application or Horizon is compromised, the other would also be compromised. It is recommended to configure separate cookies by setting the session domain configuration to null.

At config/session.php, line 158.
Documentation URL: https://www.laravel-enlightn.com/docs/security/horizon-security-analyzer.html
I have multiple subdomains. Each user has their own subdomain. I have the primary subdomain “my”. I am using session_domain to manage session cookies. The value of the session domain is “.projectname.com”. I am facing a redirect issue when putting a null value for session_domain.
When the session domain is null, I am having an issue redirecting from my.projectname.com to username.projectname.com.
Does anyone know how to solve it?
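Why the redirect loses the session, as an added example that is not part of the original post: a sketch of the browser's cookie scoping rules (RFC 6265) for a session cookie set by my.projectname.com with and without a Domain attribute. The hostnames are constructed, and horizon.projectname.com is an assumed name for the Horizon sub-domain.

```javascript
// Added example: RFC 6265 cookie scoping (storage + domain-match), reduced to
// the Domain attribute. Hostnames are constructed; "horizon." is an assumed name.

// RFC 6265 5.1.3: a host domain-matches a cookie domain when they are equal or
// the host ends with "." + domain (IP-address and public-suffix checks omitted).
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// What the browser stores when `setByHost` answers with Set-Cookie.
// `domainAttr` mirrors the Laravel session "domain" option: null means no Domain attribute.
function storeCookie(setByHost, domainAttr) {
  if (domainAttr === null || domainAttr === "") {
    // No Domain attribute: host-only cookie, returned only to the exact host.
    return { domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  // A host may only set cookies for itself or a parent domain.
  if (!domainMatches(setByHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for `requestHost`?
function cookieSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

// Log in on my.projectname.com, then list which hosts receive that session cookie.
function hostsReceivingSession(sessionDomain) {
  const hosts = ["my.projectname.com", "username.projectname.com", "horizon.projectname.com"];
  const cookie = storeCookie("my.projectname.com", sessionDomain);
  return hosts.filter((h) => cookieSentTo(cookie, h));
}

console.log(".projectname.com ->", hostsReceivingSession(".projectname.com"));
console.log("null             ->", hostsReceivingSession(null));
```

With a null domain the cookie from my.projectname.com never reaches username.projectname.com, so that host sees no session after the redirect; with .projectname.com it reaches every sub-domain, which is the sharing the Enlightn check flags.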