
It hides the referer, which is unfortunate. Maybe an option only to log in, register, etc. via HTTPS?


Many people, myself included, would see that as a good thing. Not an "unfortunate" thing. Limiting HTTPS to logins only allows session hijacking. Session hijacking is a serious problem.



