mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00

[2.0.x] Fixed #28741 -- Removed unnecessary leading dot from cross-domain cookie examples.

Backport of afd375fc34 from master
Tim Graham
2017-11-01 10:57:59 -04:00
parent 2e6dd975a2
commit cd37e47096
4 changed files with 10 additions and 11 deletions

@@ -653,7 +653,7 @@ you'll be logged in as the attacker and might inadvertently enter your
sensitive personal data (e.g. credit card info) into the attackers account.
Another possible attack would be if ``good.example.com`` sets its
:setting:`SESSION_COOKIE_DOMAIN` to ``".example.com"`` which would cause
:setting:`SESSION_COOKIE_DOMAIN` to ``"example.com"`` which would cause
session cookies from that site to be sent to ``bad.example.com``.
Technical details
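
Review bot: on the changed :setting:`SESSION_COOKIE_DOMAIN` line, dropping the leading dot leaves a reader free to assume that ``"example.com"`` scopes the cookie to that single host, which would make the rest of the sentence ("to be sent to ``bad.example.com``") look like a mistake. Under RFC 6265 a cookie with a Domain attribute matches the named domain and all of its subdomains whether or not the value starts with a dot, so a short clause saying that would keep the warning clear now that the dot is gone. Separately, the unchanged context line above reads "into the attackers account"; that should be "attacker's account" and could be fixed in the same change.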