Hi,
I agree that we should treat session cookies as sensitive and hide them
like we do with passwords. That said, please be aware that all the
SafeException reporters are best effort and it is generally not possible to
have a "safe" exception.
In that sense, patches welcome but we are not
Hi,
AFAIU, SafeExceptionReporterFilter takes care of removing any sensitive
data from logs. However, I today realized that this does not cover
session cookies.
In a ticket about this issue[1] it was treated not as a security issue
but more as a request for customization. That puzzled me a