Everyone who has access to your session cookie can now execute REST calls on your behalf, or use the cookie in their browser to act as you! So it is VERY important to keep the cookie file (/privatedir/confluence.cookie) private! By default the file is created with read access for everyone:

user@smartics ~ # ll ~/privatedir/
-rw-r--r-- 1 user user 427 Jun 19 22:05 confluence.cookie

So at least secure the file by removing read access for group and others, e.g.:

chmod go-r ~/privatedir/confluence.cookie
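Running chmod after the fact leaves the cookie readable from the moment it is written until the mode is fixed. The following is an added example, not part of the original page, that prepares the file privately before the login and checks the result; the function names are hypothetical, and the directory is assumed to be dedicated to this one file.

```shell
#!/bin/sh
# Added example: create the cookie file privately instead of fixing it afterwards.
# Function names are illustrative, not from the original page.

# Print the group/other permission characters of a path, e.g. "r--r--" or "------".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Succeed only if neither group nor others have any access to the path.
is_private() {
    [ "$(group_other_bits "$1")" = "------" ]
}

# Create the directory (0700) and an empty cookie file (0600) before any
# client writes to it. Assumes the directory holds nothing but this file.
prepare_cookie_jar() {
    jar=$1
    dir=$(dirname -- "$jar")
    (
        umask 077                  # applies only inside this subshell
        mkdir -p -- "$dir" &&
        : >> "$jar"                # create if missing, keep existing content
    ) || return 1
    # umask does not change files that already exist, so tighten explicitly.
    chmod 700 -- "$dir" && chmod 600 -- "$jar"
}
```

Call `prepare_cookie_jar ~/privatedir/confluence.cookie` before logging in and `is_private` on the same path afterwards, since a client that replaces the file rather than writing into it may reset the mode.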