What is of more crypto / security interest is not bandwidth use
or even domain or path restrictions, but failure of webdevs to
seed and restrict sensitive cookies (like your authenticated
session IDs) from and to TLS-only sessions.
Well-known top 100 sites that still have a legacy http mode
fail to
On Sep 16, 2015, at 6:31 AM, Lodewijk andré de la porte wrote:
> No. Every request has a header with the cookies in it.
>
> Again: /every request contains the cookie/
>
> This is also a reason for placing static content on a separate server; it
> saves bandwidth by not sending the cookie in t
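
A check for the failure described in the message above, as an added example that is not part of the original thread: it flags session-like cookies that are seeded over plain HTTP or that lack the `Secure` attribute. The cookie-name hints, URLs and header values are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for session cookies that are not
# restricted to TLS. Names, URLs and header values below are constructed.

# Assumption: a simple naming heuristic decides which cookies are sensitive.
SENSITIVE_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), attrs


def audit(responses):
    """responses: iterable of (url, set_cookie_header) pairs.

    Returns a list of (url, cookie_name, finding) tuples.
    """
    findings = []
    for url, header in responses:
        name, attrs = parse_set_cookie(header)
        if not any(hint in name.lower() for hint in SENSITIVE_HINTS):
            continue  # non-sensitive cookie (e.g. a display preference)
        if not url.lower().startswith("https://"):
            # The cookie value was issued on a channel anyone on-path can read.
            findings.append((url, name, "seeded over plain HTTP"))
        if "secure" not in attrs:
            # Without Secure the browser attaches it to http:// requests too.
            findings.append((url, name, "missing Secure attribute"))
    return findings


# Constructed sample: one site answering on both its http and https modes.
SAMPLE = [
    ("http://shop.example/login", "sessionid=abc123; Path=/; HttpOnly"),
    ("https://shop.example/login", "sessionid=def456; Path=/; HttpOnly"),
    ("https://shop.example/login", "sessionid=ghi789; Path=/; Secure; HttpOnly"),
    ("http://shop.example/", "theme=dark; Path=/"),
]

if __name__ == "__main__":
    for url, name, finding in audit(SAMPLE):
        print(f"{url}  {name}: {finding}")
```
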
No. Every request has a header with the cookies in it.
Again: /every request contains the cookie/
This is also a reason for placing static content on a separate server; it
saves bandwidth by not sending the cookie in the request.
___
cryptography mailin
On 2015-09-16 11:40, Givon Zirkind wrote:
Is it correct that [web page] cookies are truly local?
Web page cookies are always sent to the server.
And what is truly evil is that umpteen different websites may include a
link to Google, which sends Google the Google cookies, so that Google
know
Is it correct that [web page] cookies are truly local? Is it correct
that they are not passed to the server when a submit button is pressed
unless specifically sent, unlike [web page] form data, which is
automatically passed to the server?