29 Oct 2002, 12:09 p.m.
From: "Jens Vagelpohl" <jens@zope.com>
Unfortunately the credentials are easily sniffed out of cookies set by CookieCrumbler (and XUF in non-secure cookie mode).
just more reasons to not use cookies for authentication, period.
What would you use instead? I have yet to find any alternatives to using cookies as part of the sessioning mechanism. Or are you referring to storing usernames and passwords in the cookie? If so, ignore the question, because I think it is bad too :)

regards,
/dario