Bugzilla cookies HTTP only

Max Kanat-Alexander mkanat at bugzilla.org
Fri Jan 15 21:44:39 UTC 2010

On 01/13/2010 08:37 AM, Gervase Markham wrote:
> What exactly are the security benefits we get from having our cookies
> HTTPonly?
> [snip]

	I tell ya what--get dveditz or Jesse to weigh in on this; we're not as
much security experts as they are.

	At the least, Bugzilla_login can have httponly removed--only
Bugzilla_logincookie is actually sensitive.

Competent, Friendly Bugzilla and Perl Services. Everything Else, too.

More information about the developers mailing list