Re: [nyphp-talk] cookie authenticators

2009-02-02 Thread Paul A Houle
Michael B Allen wrote: Otherwise, you wouldn't need to use cookies at all - you could just store the authenticator in the HTTP session on the server. From a security perspective, cookies can be sniffed just like session ids so there's not a great benefit there. But the paper also has a section t

[nyphp-talk] cookie authenticators

2009-02-02 Thread Michael B Allen
On Mon, Feb 2, 2009 at 1:05 PM, Paul A Houle wrote:
> Note that sites like yahoo, google, amazon, twitter, ebay, and digg
> don't use Basic Auth, Digest Auth or any of the Auth systems built into the
> http standard. They use the unofficial standard that's described in the
> following pap