Archive for the 'cookies' Category
An article that describes a method to create a permanent cookie based on If-Modified and Etag HTTP headers. Currently this is used in “the wild” by several banner and add networks. The method is possible because of the simplified implementation of …
a note from security ppl that session/login cookies that normally delivered via https have to be explisidly marked as “secure” so they _only_ delivered via https. Otherwise bad ppl can hijack them.
[yet another one] proposal for secure session cookies