[FE-899] Cookies with sensitive information should be HttpOnly - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Suggestion
Status: Closed (View Workflow)
Resolution: Fixed
Fix Version/s: 2.0-M2
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Our auth cookies (infact all cookies) should have httpOnly set on them. This reduces the exposure to cookie-stealing via injected JS.

Attachments

Activity

People

Assignee:: Chii

Reporter:: Matt Quail (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 17/Dec/2008 12:04 AM

Updated:: 19/Sep/2019 5:54 AM

Resolved:: 29/Jan/2009 11:01 PM

Time Tracking

Estimated:

4h

Remaining:

0h

Logged:

2h