[Seaside-dev] Issue 325 in seaside: Force the use of cookies
codesite-noreply at google.com
codesite-noreply at google.com
Fri Jan 30 14:57:41 UTC 2009
Status: Accepted
Owner: ----
Labels: Type-Feature Priority-Low Version-Seaside2.9 Security
New issue 325 by jfitzell: Force the use of cookies
http://code.google.com/p/seaside/issues/detail?id=325
This came out of discussion in Issue 304.
It might be nice to have a setting to force the use of cookies in your
application. This would ensure that URLs were never written containing the
session key.
This could possibly be done in WARegistry>>addCookieForHandler:to: by
forcing a redirect with a "cookieTest" field in the URL and then catching
incoming requests with "cookieTest" set but no cookie and responding with
an error.
Rather than having a new setting for this, #useCookies could possibly be
changed to a select box with "no/yes/force" or similar as options. This
would ensure nonsensical combinations.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
More information about the seaside-dev
mailing list