Closed Bug 855220 Opened 13 years ago Closed 13 years ago

HTTPOnly flag missing

Tracking

(Not tracked)

Status:

RESOLVED INVALID

People

(Reporter: satishb3, Unassigned)

Details

(Keywords: reporter-external)

satishb3

Reporter

Description

•

13 years ago

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22 Steps to reproduce: Sessionid created by support.mozilla.org website does not contain HTTPOnly flag. Actual results: Log into support.mozilla.org and notice that the sessionid created by server does not contain HTTPOnly flag. Expected results: Mark sessionid with HTTPOnly flag.

satishb3

Reporter

Comment 1

•

13 years ago

Sessionid cookie contains the httponly flag. Sorry. I overlooked at it.

Status: UNCONFIRMED → RESOLVED

Closed: 13 years ago

Resolution: --- → INVALID

Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]

Updated

•

13 years ago

Group: websites-security

Flags: sec-bounty-

David Lawrence [:dkl]

Updated

•

1 year ago

Keywords: reporter-external

You need to log in before you can comment on or make changes to this bug.

Bugzilla

HTTPOnly flag missing

Categories

(support.mozilla.org :: General, defect)

Tracking

(Not tracked)

People

(Reporter: satishb3, Unassigned)

References

Details

(Keywords: reporter-external)

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated