[CWD-2938] Set Crowd JSESSIONID as HTTPOnly in the default configuration - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.5.2
Affects Version/s: None
Component/s: None
Labels:
- no-advisory-required
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

This is to improve mitigation of XSS vulnerabilities.

Assignee:: joe

Reporter:: VitalyA

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 04/Oct/2012 12:55 AM

Updated:: 15/Aug/2019 7:05 AM

Resolved:: 04/Oct/2012 2:13 AM