should AUS send the aus cookie as HttpOnly?

NEW
Assigned to

Status

12 years ago
12 years ago

People

(Reporter: moco, Assigned: morgamic)

Tracking

4.x (triaged)
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

should we AUS send the aus cookie as HttpOnly?

see bug #178993 (we have HttpOnly support on trunk, but we're seeking backport to 1.8 branch)

see also bug #383181
Why? What are you trying to protect against? It's not like our users are logging in to AUS.

Now Bugzilla and AMO cookies are another matter entirely. HTTPOnly would have some real value there.
You need to log in before you can comment on or make changes to this bug.