> I believe it's done that way because that's how HTTP basic authentication
> works.
>
> That allows you to use cflogin to authenticate a person who has already been
> authenticated that way.
That sounds the wrong way around.
For cflogin to recycle HTTP Basic Authentication credentials, CF
is only required to be able to read them. That does in no way
require CF to recycle that very unsafe mechanism when it is
setting its own cookies.
Jochem
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
