[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 72811] Don't ask users to accept cookies without domain
From:       zander () kde ! org
Date:       2004-02-28 9:02:05
Message-ID: 20040228090205.10554.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
      
http://bugs.kde.org/show_bug.cgi?id=72811      




------- Additional Comments From zander kde org  2004-02-28 10:02 -------
> The most common examples of this are session cookies and there is no reason why \
> cookiejar should not show you those cookies!

Sorry for asking for more info;
a cookie is only a security (/privacy) risk if it is ever returned to the remote \
host, agree? A cookie that has no domain= info and comes from something like file:// \
(i.e. no http) _can_ not be returned to any remote host because we strictly disallow \
cross-site cookie exploits. Right? If it is not a security risk, kcookiejar should \
not ask the user to set the thing; it should just set it.

Isn't that the problem in kcookiejer?

If the problem occurs elsewhere; please create a new bugreport or reassign this one.

Thanx.


[prev in list] [next in list] [prev in thread] [next in thread]