From 61d4a159899358e3570dfc5db039651325b30992 Mon Sep 17 00:00:00 2001 From: terminator14 Date: Tue, 23 Jul 2019 07:10:58 -0600 Subject: [PATCH] [2.2.x] Fixed typo in docs/topics/http/sessions.txt. Backport of 8323691de0ba120dbdc8055063574df2b0c0afa4 from master --- docs/topics/http/sessions.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/topics/http/sessions.txt b/docs/topics/http/sessions.txt index 745c735e460..f0311f6fa17 100644 --- a/docs/topics/http/sessions.txt +++ b/docs/topics/http/sessions.txt @@ -651,7 +651,7 @@ session for their account. If the attacker has control over ``bad.example.com``, they can use it to send their session key to you since a subdomain is permitted to set cookies on ``*.example.com``. When you visit ``good.example.com``, you'll be logged in as the attacker and might inadvertently enter your -sensitive personal data (e.g. credit card info) into the attackers account. +sensitive personal data (e.g. credit card info) into the attacker's account. Another possible attack would be if ``good.example.com`` sets its :setting:`SESSION_COOKIE_DOMAIN` to ``"example.com"`` which would cause