2009/3/26 Wichert Akkerman <wich...@wiggy.net>: > Is that safe? Isn't there a risk of that csrf cookies persisting longer > than the auth session?
The assumption with the CSRF vulnerability is that there *is* a cookie that authenticates the user. If it had expired, this wouldn't be the case. \malthe _______________________________________________ Repoze-dev mailing list Repozefirstname.lastname@example.org http://lists.repoze.org/listinfo/repoze-dev