Re: Messy Cookies

2008-06-06 Thread Bluebie, Jenna
Judofyr: This isn't a question to ask _why. It simply cannot be done. Stealing cookies is not the same thing as XSS, and locking cookies to an IP address will not stop XSS at all. Locking cookies to an IP address (as I wrote in my git commit where I removed it) will lock out AOL users, and

Re: Messy Cookies

2008-06-06 Thread Devin Chalmers
On Fri, Jun 6, 2008 at 6:07 AM, Magnus Holm <[EMAIL PROTECTED]> wrote:
> It looks like everyone has tried to fix the cookies lately, and no-one managed
> to get it 100% correctly...

Thanks for the code, that seems to work really well and prettily. I admit that, though I love writing apps in i

Messy Cookies

2008-06-06 Thread Magnus Holm
It looks like everyone has tried to fix the cookies lately, and no-one managed to get it 100% correctly. The current implementation doesn't set the path correctly, and you can't use @cookies in a #service-overload. Qwzybug's patch fixed only the sessions. Jenna's patch won't allow to set complex