https://bugzilla.wikimedia.org/show_bug.cgi?id=14407
--- Comment #20 from Brion Vibber <[EMAIL PROTECTED]> 2008-12-01 23:56:54 UTC --- Added species to the session setup list per request. I don't want to go too crazy with the rest yet; might want to just think about better ways to arrange some of the domains, or whether we can consider the cookie issue reasonably well fixed at this point and just do a wildcard cookie on *.wikimedia.org. With HttpOnly cookies being used, most modern browsers won't be allowing XSS code to hijack the session cookie, so it would only be accessible to actual web apps on those servers (eg a PHP execution vulnerability). (Of course some browsers still don't support HttpOnly cookies...) -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
