Tor Trac sets cookies over HTTPS that can be sent over cleartext HTTP
Both the trac_auth
and trac_form_token
cookies are described in Firefox's ‘Cookies’ dialog as “Send For: Any type of connection”. The Tor Project should not do this.
Both the trac_auth
and trac_form_token
cookies are described in Firefox's ‘Cookies’ dialog as “Send For: Any type of connection”. The Tor Project should not do this.