Hi,

in CookieCrumbler.modifyRequest I see:

    self.delRequestVar(req, self.auth_cookie)

and was wondering why the auth cookie is deleted from the request every time?

Thanks,
Mark

On 1/31/07, mark hellewell <mark.hellewell@gmail.com> wrote:
> and was wondering why the auth cookie is deleted from the request every time?

The cookie information is removed from the request; the cookie itself still remains in the browser cookie store for the next request. I assume that removing it keeps other Zope code (which may be untrusted) from snooping on that information. In other words, it's a security measure.

-- Martijn Pieters
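
An added sketch, not part of the thread and not CookieCrumbler's code: a WSGI middleware showing the same pattern of reading the credential once and removing it from the request before other code runs, while sending nothing that would clear the browser's copy. The cookie name `auth_token`, `split_auth_cookie`, `StripAuthCookie` and the `verify` callable are assumptions made for the example.

```python
# Added illustration; not CookieCrumbler code. All names are hypothetical.
AUTH_COOKIE = "auth_token"          # assumed cookie name

def split_auth_cookie(header, name=AUTH_COOKIE):
    """Return (credential or None, Cookie header with every `name` pair removed)."""
    credential, kept = None, []
    for pair in header.split(";"):
        pair = pair.strip()
        key, _, value = pair.partition("=")
        if key == name:
            if credential is None:      # first occurrence wins; duplicates are dropped too
                credential = value
        elif pair:
            kept.append(pair)
    return credential, "; ".join(kept)

class StripAuthCookie:
    """WSGI middleware: authenticate from the cookie, then hide it from the app."""
    def __init__(self, app, verify):
        self.app = app
        self.verify = verify            # callable: credential -> user id or None

    def __call__(self, environ, start_response):
        credential, rest = split_auth_cookie(environ.get("HTTP_COOKIE", ""))
        if credential is not None:
            user = self.verify(credential)
            if user is not None:
                environ["REMOTE_USER"] = user
        # Downstream code sees only the non-credential cookies.
        if rest:
            environ["HTTP_COOKIE"] = rest
        else:
            environ.pop("HTTP_COOKIE", None)
        return self.app(environ, start_response)

def demo():
    """Run a constructed request through the middleware; return what the app saw."""
    seen = {}
    def downstream_app(environ, start_response):   # stands in for untrusted code
        seen["cookie"] = environ.get("HTTP_COOKIE")
        seen["user"] = environ.get("REMOTE_USER")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    verify = lambda cred: "alice" if cred == "s3cr3t" else None   # constructed check
    environ = {"HTTP_COOKIE": "theme=dark; auth_token=s3cr3t; lang=en"}  # constructed
    body = StripAuthCookie(downstream_app, verify)(environ, lambda s, h: None)
    return seen, body
```
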

Hi,

sounds plausible, thanks for the reply :)

mark

On 2/1/07, Martijn Pieters <mj@zopatista.com> wrote:
> On 1/31/07, mark hellewell <mark.hellewell@gmail.com> wrote:
>> and was wondering why the auth cookie is deleted from the request every time?
>
> The cookie information is removed from the request; the cookie itself still remains in the browser cookie store for the next request. I assume that removing it keeps other Zope code (which may be untrusted) from snooping on that information. In other words, it's a security measure.
>
> -- Martijn Pieters