JavaScript hosted on packages.python.org has access to cookies on python.org. If python.org has
any sort of login it's trivial to steal a session cookie.

No, it doesn't. Cookies for "python.org" are not available to "packages.python.org".
It would have to be a cookie for ".python.org". We don't issue such cookies.

Regards,
Martin


_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
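
Added example, not part of either message above: a simplified model of RFC 6265 cookie domain scoping, showing which cookies set by python.org a page on packages.python.org would receive depending on the Domain attribute. Cookie names are constructed samples, and path, Secure, HttpOnly and public-suffix checks are left out.

```javascript
// Added example: RFC 6265 cookie domain scoping (sections 5.1.3, 5.2.3, 5.3, 5.4).
// Cookie names below are constructed samples, not cookies python.org issues.

function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// Domain-match (section 5.1.3): identical, or a dot-separated suffix of a host name.
function domainMatch(host, domain) {
  if (host === domain) return true;
  return host.endsWith("." + domain) && !isIpAddress(host);
}

// Storage step: derive the stored domain and host-only flag from the host
// that set the cookie and the optional Domain attribute.
function storeCookie(name, setByHost, domainAttr) {
  const host = setByHost.toLowerCase();
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to the exact host only.
    return { name, domain: host, hostOnly: true };
  }
  // A leading dot in the attribute is ignored (section 5.2.3).
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  // A host may only set a cookie for itself or one of its parent domains.
  if (!domainMatch(host, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Retrieval step (section 5.4): is the cookie attached to requests for this host?
function cookieVisibleTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

function visibleNames(jar, requestHost) {
  return jar.filter((c) => c && cookieVisibleTo(c, requestHost)).map((c) => c.name);
}

const jar = [
  storeCookie("session", "python.org", null),         // host-only
  storeCookie("prefs", "python.org", ".python.org"),  // shared with subdomains
  storeCookie("theme", "python.org", "python.org"),   // same scope as ".python.org"
  storeCookie("other", "packages.python.org", "pypi.python.org"), // rejected: sibling host
];

console.log("python.org sees:", visibleNames(jar, "python.org"));
console.log("packages.python.org sees:", visibleNames(jar, "packages.python.org"));
```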
