Comment #6 on issue 1552 by trowbrds: Need option to expire cookies

I certainly didn't mean to give you the impression that I don't care about security. I do, it's just that when it comes to security, cookie expiration doesn't make a
difference one way or the other.

For stolen endpoints, you still would have the problem of browser history and cache. The only way to prevent data from being stored on-disk here is to run a browser in incognito/private mode, in which case the cookie isn't a problem anyway. The real way to protect your secrets on these devices is to have the device locked in some way
(authentication turned on, perhaps encrypted filesystems, etc).

If a secret is important enough that you're willing to inconvenience your users over it (login every time, or encrypted laptop filesystems+login, etc), it's really worth
putting your reviewboard server behind a VPN.

You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:

You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To post to this group, send email to
To unsubscribe from this group, send email to
For more options, visit this group at

Reply via email to