[Seaside] Session (in)security?

Ramon Leon ramonleon at cox.net
Sat Jun 17 00:58:49 UTC 2006

> Right, so why not pick the least evil of the two? There isn't a perfect
> security model out there, but given the choice of a cookie and plain text
> url I'd go for cookie 10 times out of 10.
> -Boris

A cookie is plain text as well, and no more secure than the url. 
Seasides default prevents it from requiring cookies, a sensible default 
considering many peoples irrational fear of cookies and disabling of 
such.  It's hardly a cut and dry case that a cookie is less "evil" than 
the url, many think otherwise.

More information about the Seaside mailing list