1 Feb
2007
1 Feb
'07
10:35 a.m.
On 1/31/07, mark hellewell <mark.hellewell@gmail.com> wrote:
and was wondering why the auth cookie is deleted from the request every time?
The cookie information is removed from the request, the cookie itself still remains in the browser cookie store for the next request. I assume that removing it keeps other Zope code (which may be untrusted) from snooping on that information. In other words, it's a security measure. -- Martijn Pieters