On Sat, 2008-05-24 at 22:43 -0500, _why wrote:
> On Sun, May 25, 2008 at 12:25:08AM +0200, Magnus Holm wrote:
> > * The cookie session is named Camping::Session and is placed in
> > camping/session.rb. Maybe this should be called Camping::CookieSession or???
>
> You know, these cookie sessions seem like they could be a problem.
> A lot of sessions would contain just the hash and the user name.
> So, spoof the user name and you're in, you know?

Agreed, without an HMAC signature.
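The concern raised in this thread, as an added Ruby example that is not part of the original messages and is not Camping's own session code: a cookie protected only by an unkeyed digest can be rewritten by the client, while one carrying an HMAC tag cannot be altered without the server's key. The `data--tag` cookie layout, the JSON payload, `SECRET` and every function name here are assumptions made for illustration.

```ruby
require "openssl"
require "json"
require "digest"

# Constructed secret for this example; a real one is random and kept out of source.
SECRET = "constructed-example-secret"

def encode(session)
  [JSON.generate(session)].pack("m0") # strict Base64, never contains "-"
end
def decode(data)
  JSON.parse(data.unpack1("m0"))
end

# Weak form: payload plus an unkeyed digest, which anyone can recompute.
def unsigned_cookie(session)
  data = encode(session)
  "#{data}--#{Digest::SHA256.hexdigest(data)}"
end
def load_unsigned(cookie)
  data, digest = cookie.to_s.split("--", 2)
  decode(data) if data && digest == Digest::SHA256.hexdigest(data)
end

# Signed form: the tag depends on a key that only the server holds.
def signed_cookie(session, key = SECRET)
  data = encode(session)
  "#{data}--#{OpenSSL::HMAC.hexdigest("SHA256", key, data)}"
end

# Constant-time comparison, so the check does not leak how much of the tag matched.
def secure_compare(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Returns the session hash, or nil for a missing, malformed or forged cookie.
def load_signed(cookie, key = SECRET)
  data, tag = cookie.to_s.split("--", 2)
  expected = OpenSSL::HMAC.hexdigest("SHA256", key, data.to_s)
  return nil unless data && tag && secure_compare(tag, expected)
  decode(data)
rescue ArgumentError, JSON::ParserError
  nil
end

# Models a client editing the user name; rehash: recomputes the unkeyed digest.
def swap_user(cookie, name, rehash: false)
  data, trailer = cookie.split("--", 2)
  new_data = encode(decode(data).merge("user" => name))
  trailer = Digest::SHA256.hexdigest(new_data) if rehash
  "#{new_data}--#{trailer}"
end
```

`load_unsigned` accepts a cookie whose user name was changed and whose digest was recomputed; `load_signed` returns `nil` for the same edit because the tag cannot be regenerated without `SECRET`.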

