[Zope-CMF] CookieCrumbler security issue?
Chris Withers
chris at simplistix.co.uk
Fri Jan 23 04:21:53 EST 2004
Lennart Regebro wrote:
> SSL? I don't really see the use in trying to create a completely new
> secure authorization system. :)
Are there any situations where a cookie sent via SSL could be returned via
normal HTTP?
> Good question, I timeout would be good. Maybe storing it in a session
> variable?
Hmmm, now htere's an intersting idea. I've miss-used Session data containers
like this in the past already ;-)
cheers,
Chris
More information about the Zope-CMF
mailing list