Opened 18 years ago
Closed 18 years ago
#3979 closed (duplicate)
HttpOnly flag on session id cookie
Reported by: | | Owned by: | Adrian Holovaty |
---|---|---|---|
Component: | Contrib apps | Version: | dev |
Severity: | | Keywords: | session cookie |
Cc: | | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Set this on the Django session id cookie.
https://bugzilla.mozilla.org/show_bug.cgi?id=178993
It will add good protection against XSS exploits on two major browsers.
Dupe of #3304
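What the requested flag looks like in a `Set-Cookie` header, with a check that reports session cookies sent without it. This is an added example, not code from the ticket or from Django. It assumes Django's default session cookie name `sessionid`; the function names and the sample header values are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Django's default session cookie name (the SESSION_COOKIE_NAME setting).
SESSION_COOKIE_NAME = "sessionid"


def build_session_cookie(session_key, httponly=True):
    """Return a Set-Cookie header value for the session cookie."""
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE_NAME] = session_key
    morsel = cookie[SESSION_COOKIE_NAME]
    morsel["path"] = "/"
    if httponly:
        # HttpOnly is a valueless flag; the browser then hides the cookie
        # from document.cookie, so injected script cannot read the session id.
        morsel["httponly"] = True
    return morsel.OutputString()


def cookie_attributes(set_cookie_value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive, so compare in lowercase.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def missing_httponly(set_cookie_values, names=(SESSION_COOKIE_NAME,)):
    """Return the names of the listed cookies that were set without HttpOnly."""
    flagged = []
    for value in set_cookie_values:
        name, attrs = cookie_attributes(value)
        if name in names and "httponly" not in attrs:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed sample headers: one response without the flag, one with it.
    before = [build_session_cookie("abc123", httponly=False)]
    after = [build_session_cookie("abc123")]
    print(before, "->", missing_httponly(before))
    print(after, "->", missing_httponly(after))
```
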