id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 17766,Clarify impact of HttpOnly flag for JS access to session cookie,Preston Holmes,nobody,"https://github.com/django/django/pull/115 This change impacts anyone accessing the session data from Javascript, for example, when relaying the session ID into a querystring in the case of flash uploading tools. I'm not opening a debate on whether this is proper to do or not, just that it will help people understand possible impacts of this change when using other people's code that may do this (as happened to me).",Cleanup/optimization,closed,Documentation,dev,Normal,fixed,,,Ready for checkin,1,0,0,0,0,0