[FE-899] Cookies with sensitive information should be HttpOnly - Create and track feature requests for Atlassian products.

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.0-M2
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Our auth cookies (infact all cookies) should have httpOnly set on them. This reduces the exposure to cookie-stealing via injected JS.

Assignee:: Chii (Inactive)

Reporter:: Matt Quail (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 17/Dec/2008 12:04 AM

Updated:: 19/Sep/2019 5:54 AM

Resolved:: 29/Jan/2009 11:01 PM

Estimated:

4h

Remaining:

0h

Logged:

2h