Opened 10 years ago

Closed 10 years ago

#3979 closed (duplicate)

HttpOnly flag on session id cookie

Reported by: Henrik Vendelbo <info@…> Owned by: Adrian Holovaty
Component: Contrib apps Version: master
Severity: Keywords: session cookie
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


Set this on the Django session id cookie.

It will add good protection against XSS exploits on two major browsers.

Change History (1)

comment:1 Changed 10 years ago by Chris Beaven

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Resolution: duplicate
Status: newclosed

Dupe of #3304

Note: See TracTickets for help on using tickets.
Back to Top