Previously Malthe Borch wrote:
> Such parameters are typically found in cookies; for example, a session
> id or a login credentials token.

Is that safe? Isn't there a risk of that csrf cookies persisting longer
than the auth session?

Wichert.

-- 
Wichert Akkerman <wich...@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

Reply via email to