This is actually a fairly large security hole unless you are carefully
controlling when the auth cookies are being passed to avoid sending those
cookies in the clear. Also the performance on https these days shouldn't be
an issue, more and more sites are moving to pure-https.
Regardless, the prege
On Mon, 2011-09-05 at 15:25 +, Dan Sommers wrote:
> On Sat, 03 Sep 2011 12:00:27 -0700, cd34 wrote:
>
> > Can you run LiveHeaders in firefox and see if it is actually resetting
> > the cookie when you log out the first time?
>
> With timeout and max_age set to 12000 and reissue_time set to 12
On Sat, 03 Sep 2011 12:00:27 -0700, cd34 wrote:
> Can you run LiveHeaders in firefox and see if it is actually resetting
> the cookie when you log out the first time?
With timeout and max_age set to 12000 and reissue_time set to 120, I
logged in, waited more than two minutes (i.e., longer than r
I take latest SVN revision number from local .svn dir entries
automatically upon application start, put it in settings, and use that,
for instance as:
example.com/static/js/foobar.js?rev=${settings["svn_revision"]}
I use global revision number, but it is possible to monitor the rev of
only
Hi,
in Pylons 1.0 or Pyramid, what is your better javascript cache
invalidation solution ?
Use some url like example.com/0.18.1dev2/js/foobar.js
that is append version number in url path ?
Do you use others solutions ?
Thanks for your comments.
Stephane
--
Stéphane Klein
blog: http://steph
