> This is why I try to use OpenID where possible, since my provider > supports certificate login, which removes the necessity from the web > site to support it (as long as it supports OpenID of course).
That's handy, but doesn't that mean the website you're accessing will still use cookies once you're authenticated? tim _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security