On 4/23/09 8:47 PM, Zhihong wrote:
> Most discussions in the other thread are about protecting callbacks.
> How about if we look at this issue from a different angle? Instead of
> trying to stop session fixation, we find ways to detect it. How about
> if we drop a cookie?

Cookies won't work for anything but HTTP (and even then some HTTP user agents don't support cookies).

Peter

--
Peter Saint-Andre
https://stpeter.im/

You received this message because you are subscribed to the Google Groups "OAuth" group.
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
