[Seaside] Session tracking without URL field yet supporting "multi session"

Esteban A. Maringolo emaringolo at gmail.com
Sat Oct 3 16:17:57 UTC 2015

2015-10-03 13:14 GMT-03:00 Esteban A. Maringolo <emaringolo at gmail.com>:
> Local storage is just a dictionary, and it will be readable by ANY
> user of the browser, so it is very much like Cookies in this sense,
> with the added part of requiring to recover the session token from it
> before performing any HTTP request, and being recoverable not only by
> your site, but with anybody
> with access to the browser.

I meant, via XSS. Cookies and localStorage are secured by origin.

More information about the seaside mailing list