[tor-bugs] #2098 [Website]: Tor Trac sets cookies over HTTPS that can be sent over cleartext HTTP

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Oct 21 09:17:03 UTC 2010


#2098: Tor Trac sets cookies over HTTPS that can be sent over cleartext HTTP
---------------------+------------------------------------------------------
 Reporter:  rransom  |       Owner:  phobos
     Type:  defect   |      Status:  new   
 Priority:  major    |   Milestone:        
Component:  Website  |     Version:        
 Keywords:           |      Parent:        
---------------------+------------------------------------------------------
 Both the `trac_auth` and `trac_form_token` cookies are described in
 Firefox's ‘Cookies’ dialog as “Send For: Any type of connection”. The Tor
 Project should not do this.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2098>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list