* Nico Golde:
> While I agree that the cookie issues and the session id
> issue is not of a high impact I still think that at least
> the CSRF issue should be fixed cause the exploit scenario
> has a certain real life importance.

The __ac cookie issue is significant as well if the secure flag is not set on the cookie even if login happens over HTTPS.