vandevel wrote:
> Ok, so I have confirmed that by simply commenting out lines 290 to 293
> that the problem goes away.

Ok, that's more plausible than the MonkeyDecodingFilter patch. In fact 
these lines were changed after 1.0.3.2 (since the SVN tag was modified 
later, I assumed the MonkeyDecodingFilter was the only larger change).

One explanation why this cookie expiration patch may be problematic is 
that the "expires" attribute makes MSIE regard the cookie as persistent 
(i.e. not a session cookie) and thus apply a different security level 
that inhibits the cookie.

In fact I consider it also a security risk to set the expires attribute. 
If you close your browser and leave your PC switched on, anybody can 
reactivate your session within the session timeout, without logging in.

And another problem may appear when the times on the server and client 
are not in sync or time zones not computed correctly.

So I think that patch should be reverted.

-- Christoph
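
The effect of the "expires" attribute described in the message above, as an added example that is not part of the original post or of the TurboGears code base: it classifies a Set-Cookie header as a session or persistent cookie and shows how the same absolute expiry date is judged by clients whose clocks disagree with the server. The cookie name `sid`, the 20-minute timeout and the sample headers are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs

def client_view(header, client_now):
    """Return (kind, remaining) as seen by a browser whose clock reads client_now."""
    _, attrs = parse_set_cookie(header)
    if "max-age" in attrs:   # relative lifetime, independent of the client clock
        return "persistent", timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:   # absolute date, compared against the client clock
        return "persistent", parsedate_to_datetime(attrs["expires"]) - client_now
    return "session", None   # no lifetime attribute: dropped when the browser closes

def audit(header, client_now, timeout):
    """Describe what happens to a session-id cookie on the client side."""
    kind, remaining = client_view(header, client_now)
    if kind == "session":
        return "ok: session cookie"
    if remaining <= timedelta(0):
        return "rejected: already expired by client clock"
    if remaining > timeout:
        return "persistent: outlives server timeout on client"
    return "persistent: survives browser close"

# Constructed sample data: the server clock reads 12:00 UTC, timeout is 20 minutes.
SERVER_NOW = datetime(2008, 1, 15, 12, 0, tzinfo=timezone.utc)
TIMEOUT = timedelta(minutes=20)
WITH_EXPIRES = "sid=abc123; Path=/; Expires=Tue, 15 Jan 2008 12:20:00 GMT"
WITHOUT_EXPIRES = "sid=abc123; Path=/"

if __name__ == "__main__":
    for label, skew in [("in sync", 0), ("30 min fast", 30), ("60 min slow", -60)]:
        now = SERVER_NOW + timedelta(minutes=skew)
        print(f"client {label}: {audit(WITH_EXPIRES, now, TIMEOUT)}")
    print("no expires:", audit(WITHOUT_EXPIRES, SERVER_NOW, TIMEOUT))
```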
