[tor-bugs] #3600 [TorBrowserButton]: Prevent redirects from storing cookies+identifiers (was: We should get user confirmation for automated redirect cycles)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Feb 28 00:46:43 UTC 2012
#3600: Prevent redirects from storing cookies+identifiers
------------------------------+---------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: TorBrowserButton | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------------+---------------------------------------------
Comment(by mikeperry):
Hrmm, instead of warning at all, we should prevent redirects from
transmitting or storing any identifiers. The best heuristic might still be
to delete identifiers after the fact when a cycle is detected, but we
should think a little more about alternatives, as after-the-fact deletion
won't cover all cases.
See also #4286 for redirect API discussion.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3600#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list