Closed Bug 383187 Opened 17 years ago Closed 2 years ago

should AUS send the aus cookie as HttpOnly?

Categories

(AUS Graveyard :: General, defect)

Product:
AUS Graveyard
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE
Milestone:
4.x (triaged)

People

(Reporter: moco, Assigned: morgamic)

Details

should we AUS send the aus cookie as HttpOnly?

see bug #178993 (we have HttpOnly support on trunk, but we're seeking backport to 1.8 branch)

see also bug #383181
Why? What are you trying to protect against? It's not like our users are logging in to AUS.

Now Bugzilla and AMO cookies are another matter entirely. HTTPOnly would have some real value there.

This bug lies at rest in the graveyard.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.