[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Defeat Exit Node Sniffing?

On Wed, Mar 5, 2008 at 4:34 PM, scar <scar@xxxxxxxxxx> wrote:
> ...
>  there was no bug in the add-on; i saw the change to the cookie take
>  place.  it is a problem with the website/webmaster.

the modification (secure only = true) must be made with every updated
expiration / set cookie received, otherwise a session refresh / save
will save without the secure only option enforced.

it might be easiest to extend the existing modify headers extension to
alter incoming cookie parameters...  (and if you find out, document in
the wiki :)