id: 3979
summary: HttpOnly flag on session id cookie
reporter: Henrik Vendelbo
owner: Adrian Holovaty
description: "Set this on the Django session id cookie. https://bugzilla.mozilla.org/show_bug.cgi?id=178993 It will add good protection against XSS exploits on two major browsers."
type:
status: closed
component: Contrib apps
version: dev
severity:
resolution: duplicate
keywords: session cookie
cc:
stage: Unreviewed
has_patch: 0
needs_docs: 0
needs_tests: 0
needs_better_patch: 0
easy: 0
ui_ux: 0