[2.2.x] Fixed typo in docs/topics/http/sessions.txt.
Backport of 8323691 from master
terminator14 authored and felixxm committed Jul 23, 2019
1 parent 2d2859b commit 61d4a15
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/topics/http/sessions.txt
Expand Up @@ -651,7 +651,7 @@ session for their account. If the attacker has control over ``bad.example.com``,
they can use it to send their session key to you since a subdomain is permitted
to set cookies on ``*.example.com``. When you visit ``good.example.com``,
you'll be logged in as the attacker and might inadvertently enter your
sensitive personal data (e.g. credit card info) into the attackers account.
sensitive personal data (e.g. credit card info) into the attacker's account.

Another possible attack would be if ``good.example.com`` sets its
:setting:`SESSION_COOKIE_DOMAIN` to ``"example.com"`` which would cause
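
Review bot: The unchanged context sentence just below the fixed line, "sets its SESSION_COOKIE_DOMAIN to "example.com" which would cause", is missing a comma before "which", since the clause is nonrestrictive. As this commit is already a wording fix in the same paragraph, the comma could be folded in here. The possessive "attacker's" on the changed line is correct and agrees with the singular "the attacker" used earlier in the paragraph.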