Previously Malthe Borch wrote:
> Such parameters are typically found in cookies; for example, a session
> id or a login credentials token.

Is that safe? Isn't there a risk of that csrf cookies persisting longer
than the auth session?


Wichert Akkerman <>    It is simple to make things.                   It is hard to make things simple.
Repoze-dev mailing list

Reply via email to