Opened 7 years ago

Closed 7 years ago

#3979 closed (duplicate)

HttpOnly flag on session id cookie

Reported by: Henrik Vendelbo <info@…> Owned by: adrian
Component: Contrib apps Version: master
Severity: Keywords: session cookie
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


Set this on the Django session id cookie.

It will add good protection against XSS exploits on two major browsers.

Attachments (0)

Change History (1)

comment:1 Changed 7 years ago by SmileyChris

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed

Dupe of #3304

Add Comment

Modify Ticket

Change Properties
<Author field>
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.