On Thu, Sep 24, 2009 at 5:33 PM, Chris Beaven <[email protected]> wrote:
>
> Personally, I don't see much point in specifically reporting on
> incorrectly signed cookies - imo they should just be treated as if
> they never existed. If someone really cared, they can look in
> request.COOKIES to see if the cookie was in there but not in
> SIGNED_COOKIES.
I suppose. IMHO silent failures are usually a bad thing. I generally like
to know if (a) there's an error on my site, or (b) someone is trying to do
something nasty, even if all that means is:
try:
...
except BadSignature:
pass # or a log.debug(...)
Tobias
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
