On Wed, Jun 6, 2012 at 9:15 PM, Jeff Trawick <traw...@gmail.com> wrote: > On Wed, Jun 6, 2012 at 3:49 PM, Joe Schaefer <joe_schae...@yahoo.com> wrote: >> Session cookies sometimes pose a security risk as well. > > Yeah. That could be any cookie though although there are a few very > common defaults :( My guess is that cookie values are more useful for > debugging crashes than Authorization headers, but that it should still > be opt-in. > > Thoughts, anyone? >
+1 to separate knob to opt-in to Cookie logging.