We fat fingered the config. The cookie is marked secure now but we found another... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rtomayko on Nov 3, 2010 \| parent \| context \| favorite \| on: GitHub moves to SSL, but remains Firesheepable We fat fingered the config. The cookie is marked secure now but we found another issue where it's being sent back on redirected HTTP requests. It should be all plugged up in a bit.

rtomayko on Nov 3, 2010 [–]

Okay. The session cookie is marked secure and is sent only in response to HTTPS requests. That should cover everything.

percept on Nov 3, 2010 | [–]

Somebody get this guy some karma.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact