Re: Intent to ship: Treat cookies set over non-secure HTTP as session cookies

Martin Thomson Sat, 16 Apr 2016 15:06:07 -0700

On 17 Apr 2016 2:37 AM, "Haik Aftandilian" <haftandil...@mozilla.com> wrote:
>
> Sites might depend on a combination of https and non-https cookies and
then
> act strangely when a user returns to the site with only the https cookies.


This is also known as a security vulnerability. See
https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/zheng
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: Intent to ship: Treat cookies set over non-secure HTTP as session cookies

Reply via email to