mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-03 18:38:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed #28741 -- Removed unnecessary leading dot from cross-domain cookie examples.

Browse source
This commit is contained in:
Tim Graham 2017-11-01 10:57:59 -04:00 committed by GitHub
parent cbe334918a
commit afd375fc34
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/topics/http/sessions.txt
View file

@ -653,7 +653,7 @@ you'll be logged in as the attacker and might inadvertently enter your
sensitive personal data (e.g. credit card info) into the attackers account.
Another possible attack would be if ``good.example.com`` sets its
:setting:`SESSION_COOKIE_DOMAIN` to ``".example.com"`` which would cause
:setting:`SESSION_COOKIE_DOMAIN` to ``"example.com"`` which would cause
session cookies from that site to be sent to ``bad.example.com``.
Technical details