id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
17766	Clarify impact of HttpOnly flag for JS access to session cookie	Preston Holmes	nobody	"https://github.com/django/django/pull/115

This change impacts anyone accessing the session data from Javascript, for example, when relaying the session ID into a querystring in the case of flash uploading tools. I'm not opening a debate on whether this is proper to do or not, just that it will help people understand possible impacts of this change when using other people's code that may do this (as happened to me)."	Cleanup/optimization	closed	Documentation	dev	Normal	fixed			Ready for checkin	1	0	0	0	0	0