[tor-bugs] #2238 [EFF-HTTPS Everywhere]: in Facebook account settings, clicking tabs kicks you off Facebook
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Jan 11 23:27:10 UTC 2011
#2238: in Facebook account settings, clicking tabs kicks you off Facebook
-----------------------------------+----------------------------------------
Reporter: newacct | Owner: pde
Type: defect | Status: closed
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: wontfix | Keywords:
Parent: |
-----------------------------------+----------------------------------------
Changes (by pde):
* status: new => closed
* resolution: => wontfix
Comment:
This is a bug in Facebook's HTTPS support.
You'll get this behaviour if you have the Facebook+ rule enabled. It's
because some account settings pages are not available over HTTPS (!), so
if you try to access them with your cookies secured, those pages won't get
your cookie. You have two choices:
1. Disable the Facebook+ rule then log out and back in again -- you'll be
vulnerable to Firesheep and other cookie theft attacks, but these settings
pages will work.
2. Live without those settings pages :(
One day, we hope Facebook will fix these bugs in their site.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2238#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list