summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2014-01-03 12:02:58 -0500
committerTim Graham <timograham@gmail.com>2014-01-03 12:02:58 -0500
commit4d27d311f6d598b799ce2cb2df88a1dc54ab8166 (patch)
tree4f39b7bde3cc5051742df671d4ef18d30847bc09 /docs
parente6800ea136aaa882682dbb7dc54423c5f002b551 (diff)
Fixed a sentence in the session security docs; thanks claudep.
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/http/sessions.txt4
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/topics/http/sessions.txt b/docs/topics/http/sessions.txt
index f7e8807945..2cf4751212 100644
--- a/docs/topics/http/sessions.txt
+++ b/docs/topics/http/sessions.txt
@@ -655,8 +655,8 @@ Session security
================
Subdomains within a site are able to set cookies on the client for the whole
-domain. This makes session fixation possible if all subdomains are not
-controlled by trusted users (or, are at least unable to set cookies).
+domain. This makes session fixation possible if cookies are permitted from
+subdomains not controlled by trusted users.
For example, an attacker could log into ``good.example.com`` and get a valid
session for their account. If the attacker has control over ``bad.example.com``,