Fidelio icon indicating copy to clipboard operation
Fidelio copied to clipboard

Published 20 hours ago verified publisher icon nikcub

Twitter leaks

Open alok0 opened this issue 14 years ago • 2 comments

I am still getting leaks by doing logging in via https://twitter.com/login (And also from time to time there is requests to /scribe that are leaking cookies through.)

Is twitter automatically overriding the secure cookies or something? Whatever is happening, the cookies are coming through.

Facebook on the other hand is clean, cookies do not get through, even though there are many more random non-ssl requests.

alok0 avatar Oct 27 '10 03:10 alok0

Interesting - let me check it out. Thanks for reporting it

nikcub avatar Oct 27 '10 03:10 nikcub

Ok Twitter is re-setting the cookie, I will work out a way around it

I am now capturing both the cookie on-set and cookie on-change events in Chrome and double-checking that the secure flag is set at that point as well. Testing it now to make sure that Twitter doesn't send it into an infinite loop.

nikcub avatar Oct 28 '10 17:10 nikcub