[Seaside] Session tracking without URL field yet supporting "multi session"

Esteban A. Maringolo emaringolo at gmail.com
Sat Oct 3 16:17:57 UTC 2015


2015-10-03 13:14 GMT-03:00 Esteban A. Maringolo <emaringolo at gmail.com>:
> Local storage is just a dictionary, and it will be readable by ANY
> user of the browser, so it is very much like Cookies in this sense,
> with the added part of requiring to recover the session token from it
> before performing any HTTP request, and being recoverable not only by
> your site, but by anybody with access to the browser.

I meant, via XSS. Cookies and localStorage are secured by origin.

