[tor-bugs] #2098 [Trac]: Tor Trac sets cookies over HTTPS that can be sent over cleartext HTTP

[Tor Bug Tracker & Wiki]

#2098: Tor Trac sets cookies over HTTPS that can be sent over cleartext HTTP
----------------------+-----------------------------------------------------
 Reporter:  rransom   |       Owner:  erinn   
     Type:  defect    |      Status:  accepted
 Priority:  critical  |   Milestone:          
Component:  Trac      |     Version:          
 Keywords:            |      Parent:          
----------------------+-----------------------------------------------------
Changes (by erinn):

  * status:  assigned => accepted


Comment:

 Replying to [comment:3 dkg]:
 > See http://trac.edgewall.org/ticket/5910 for discussion.
 >
 > i think you only need to set
 >
 > {{{
 > [trac]
 >  secure_cookies = true
 > }}}
 >
 > in `trac.ini`

 Implemented. Works for me and dkg claims it works for him too. rransom,
 care to confirm before I close as fixed?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2098#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online