On 7 February 2013 09:55, Donald Stufft <[email protected]> wrote:
> http://en.wikipedia.org/wiki/Session_fixation
>
> packages.python.org can set a .python.org cookie which www.python.org will
> read.
Damn, cookies are busted :-(
At least secure cookies are safe, right? Right? Ugh, probably not.
So the only real solution is the one you use, which is to set up the
unsafe content on a separate domain. Easy enough, even I can buy
domains ;-)
Richard
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
