2009/3/26 Wichert Akkerman <wich...@wiggy.net>:
> Is that safe? Isn't there a risk of that csrf cookies persisting longer
> than the auth session?

The assumption with the CSRF vulnerability is that there *is* a cookie
that authenticates the user. If it had expired, this wouldn't be the
case.

\malthe
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

Reply via email to