[Zope-dev] Rejecting HTTPS-only cookies over plain HTTP

Servilio Afre Puentes afrepues at mcmaster.ca
Thu Apr 3 15:02:41 EDT 2008


On Thu, 2008-04-03 at 14:41 -0400, Servilio Afre Puentes wrote:
> Hi folks!
> 
> I have just posted a bug report on what I see as an inconsistent
> behaviour of BrowserIdManager. I'd appreciate any comments on the
> current code.

Also, the patch I attached fixes a smaller bug causing a cookie not
being flushed if cookie_secure is set and the request is served over
plain HTTP.

Regards,

Servilio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20080403/7a5a7731/attachment.bin


More information about the Zope-Dev mailing list