[Zope] CookieCrumbler and __ac

mark hellewell mark.hellewell at gmail.com
Mon Feb 5 06:09:37 EST 2007


Hi, sounds plausible, thanks for the reply :)

mark

On 2/1/07, Martijn Pieters <mj at zopatista.com> wrote:
>
> On 1/31/07, mark hellewell <mark.hellewell at gmail.com> wrote:
> > and was wondering why the auth cookie is deleted from the request every
> > time?
>
> The cookie information is removed from the request, the cookie itself
> still remains in the browser cookie store for the next request. I
> assume that removing it keeps other Zope code (which may be untrusted)
> from snooping on that information. In other words, it's a security
> measure.
>
> --
> Martijn Pieters
>