Konstantin Antselovich

a note from security ppl that session/login cookies that normally delivered via https have to be explisidly marked as "secure" so they _only_ delivered via https. Otherwise bad ppl can hijack them.

This entry was posted on Wednesday, September 17th, 2008 at 12:26 pm and is filed under cookies, for:charlesnw, for:collidr, programming, Security, ssl, web. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.