Sophana wrote: > Christoph Zwerschke a écrit : >> Maybe we should make '/' the default CookiePath again instead of None >> (automatic determination)? This is less secure, but at least it will >> always work (Microsoft policy ;-) This issue has already caused too much >> confusion in the past. >> > Could you tell us more about this security problem?
The problem with the session cookie path is explained in this document: http://www.net-security.org/dl/articles/cookie_path.pdf -- Christoph ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Webware-discuss mailing list Webware-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/webware-discuss