mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-28 18:20:49 +00:00
Code Issues 32 Releases Wiki Activity

[1.6.x] Fixed typo in topics/http/sessions.txt.

Browse Source 
Backport of 9348fc5628 from master
This commit is contained in:
Tim Graham 2013-11-18 19:10:58 -05:00
parent 833f7d11e8
commit 44469af34b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/topics/http/sessions.txt
View File

@ -659,7 +659,7 @@ controlled by trusted users (or, are at least unable to set cookies).
For example, an attacker could log into ``good.example.com`` and get a valid For example, an attacker could log into ``good.example.com`` and get a valid
session for his account. If the attacker has control over ``bad.example.com``, session for his account. If the attacker has control over ``bad.example.com``,
he can use it to send his session key to you since a subdomain is permitted he can use it to send his session key to you since a subdomain is permitted
to set cookies on `*.example.com``. When you visit ``good.example.com``, to set cookies on ``*.example.com``. When you visit ``good.example.com``,
you'll be logged in as the attacker and might inadvertently enter your you'll be logged in as the attacker and might inadvertently enter your
sensitive personal data (e.g. credit card info) into the attackers account. sensitive personal data (e.g. credit card info) into the attackers account.