mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-04-22 00:04:43 +00:00
Code Issues 32 Releases Wiki Activity

[2.2.x] Fixed typo in docs/topics/http/sessions.txt.

Browse Source 
Backport of 8323691de0ba120dbdc8055063574df2b0c0afa4 from master
This commit is contained in:
terminator14 2019-07-23 07:10:58 -06:00 committed by Mariusz Felisiak
parent 2d2859bec2
commit 61d4a15989
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/topics/http/sessions.txt
View File

@ -651,7 +651,7 @@ session for their account. If the attacker has control over ``bad.example.com``,
they can use it to send their session key to you since a subdomain is permitted
to set cookies on ``*.example.com``. When you visit ``good.example.com``,
you'll be logged in as the attacker and might inadvertently enter your
sensitive personal data (e.g. credit card info) into the attackers account.
sensitive personal data (e.g. credit card info) into the attacker's account.
Another possible attack would be if ``good.example.com`` sets its
:setting:`SESSION_COOKIE_DOMAIN` to ``"example.com"`` which would cause