Simon Kitching wrote:
> By the way, I don't see cookies as a lot more secure. The cookie text is
> also sent in plain text in both the request and response bodies. There
> aren't many cases where someone can intercept the url but not the
> cookies. But thanks for the reference to OWASP; I'll have a look at what
> they say about that.

Hi,

I do get your point with the dev environment and logging in multiple times. However, even though HTTP transfer is the same for URLs and cookies, the URL may be transferred for referred images and links to other sites as the referrer, e.g. the URL of a page that a link was clicked on. This is hard to get around correctly and the reason for this setup to be so unpopular security-wise.

Cheers,
Olaf
