mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-13 02:40:47 +00:00
Code Issues 32 Releases Wiki Activity

[1.6.x] Fixed a sentence in the session security docs; thanks claudep.

Browse Source 
Backport of 4d27d311f6 from master
This commit is contained in:
Tim Graham 2014-01-03 12:02:58 -05:00
parent 7a4d2b8e3d
commit 2206321ff9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/topics/http/sessions.txt
View File

@ -653,8 +653,8 @@ Session security
================ ================
Subdomains within a site are able to set cookies on the client for the whole Subdomains within a site are able to set cookies on the client for the whole
domain. This makes session fixation possible if all subdomains are not domain. This makes session fixation possible if cookies are permitted from
controlled by trusted users (or, are at least unable to set cookies). subdomains not controlled by trusted users.
For example, an attacker could log into ``good.example.com`` and get a valid For example, an attacker could log into ``good.example.com`` and get a valid
session for his account. If the attacker has control over ``bad.example.com``, session for his account. If the attacker has control over ``bad.example.com``,