mirror of https://github.com/django/django.git
[2.2.x] Fixed typo in docs/topics/http/sessions.txt.
Backport of 8323691de0
from master
This commit is contained in:
parent
2d2859bec2
commit
61d4a15989
|
@ -651,7 +651,7 @@ session for their account. If the attacker has control over ``bad.example.com``,
|
|||
they can use it to send their session key to you since a subdomain is permitted
|
||||
to set cookies on ``*.example.com``. When you visit ``good.example.com``,
|
||||
you'll be logged in as the attacker and might inadvertently enter your
|
||||
sensitive personal data (e.g. credit card info) into the attackers account.
|
||||
sensitive personal data (e.g. credit card info) into the attacker's account.
|
||||
|
||||
Another possible attack would be if ``good.example.com`` sets its
|
||||
:setting:`SESSION_COOKIE_DOMAIN` to ``"example.com"`` which would cause
|
||||
|
|
Loading…
Reference in New Issue