On 12/03/2020 22:02, Brian May wrote:
> Ola Lundqvist <ola@inguza.com> writes:
>
>> I have ideas on how we can reduce the attack possibilities but I cannot
>> find any perfect solution to this.
>
> What about setting samesite=Lax in the session Cookie?

Wouldn't you need Strict rather than Lax? Otherwise if basite.com sends a POST
request to your phppgadmin instance, the cookie will be sent and you won't have
fixed anything.

Cheers,
Emilio
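
The Lax versus Strict question above, as an added example that is not part of the original thread: a small model of the SameSite check from the RFC 6265bis draft, run over constructed requests. The cookie name `sid`, both host names and all function names are hypothetical, and a "site" is simplified to a plain string.

```javascript
// Added example: models the SameSite check from the RFC 6265bis draft.
// Assumption: a "site" is a plain string here; browsers derive it from
// the scheme and the registrable domain.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract the SameSite attribute from a Set-Cookie header value.
function parseSameSite(setCookie) {
  for (const attr of setCookie.split(";").slice(1)) {
    const [name, value = ""] = attr.trim().split("=");
    if (name.trim().toLowerCase() === "samesite") {
      const v = value.trim().toLowerCase();
      if (["strict", "lax", "none"].includes(v)) return v;
    }
  }
  return "unset"; // no explicit attribute: the default differs between browsers
}

// Decide whether the cookie accompanies a request.
function cookieIsSent(setCookie, req) {
  const mode = parseSameSite(setCookie);
  if (req.initiatorSite === req.targetSite) return true; // same-site request
  if (mode === "strict") return false;
  if (mode === "lax") {
    // Cross-site: only top-level navigations using a safe method.
    return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
  }
  if (mode === "none") return true;
  throw new Error("SameSite not set explicitly; result depends on the browser");
}

// Constructed requests; both host names are placeholders.
const TARGET = "https://pgadmin.example";
const OTHER = "https://other.example";
const REQUESTS = {
  crossSiteFormPost: { initiatorSite: OTHER, targetSite: TARGET, method: "POST", topLevelNavigation: true },
  crossSiteLinkGet: { initiatorSite: OTHER, targetSite: TARGET, method: "GET", topLevelNavigation: true },
  crossSiteImageGet: { initiatorSite: OTHER, targetSite: TARGET, method: "GET", topLevelNavigation: false },
  sameSiteFormPost: { initiatorSite: TARGET, targetSite: TARGET, method: "POST", topLevelNavigation: true },
};

// Evaluate every constructed request against one Set-Cookie header.
function matrix(setCookie) {
  const out = {};
  for (const [name, req] of Object.entries(REQUESTS)) out[name] = cookieIsSent(setCookie, req);
  return out;
}

console.log("Lax   ", matrix("sid=constructed; Path=/; HttpOnly; SameSite=Lax"));
console.log("Strict", matrix("sid=constructed; Path=/; HttpOnly; SameSite=Strict"));
```

In this model the only cross-site request that still carries a Lax cookie is a top-level GET navigation, so Lax covers state-changing actions only when they are not reachable via GET.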