On Wed, 2001-11-14 at 18:07, Ken Lalonde wrote:
> - after successful name+password authentication in an SSL session,
>   drop the old session and generate a new one.
>   Set the "secure" flag in the associated _SID_ cookie
>   sent to the client, to reduce the risk of eavesdropping.

And, since you were mentioning security, I thought I'd mention that there's a new field type in FFK CVS for doing secure logins without SSL -- using JavaScript to do an MD5 hash of the password (in FunFormKit.Field.MD5PasswordField). It seems to work decently enough, though it's somewhat less secure than it could be for convenience's sake.

Ian

_______________________________________________
Webware-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/webware-discuss
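
The session handling proposed in the quoted text, sketched as an added example that is not part of the original message and is not Webware's own code. The in-memory `SESSIONS` store and the `new_session`, `sid_cookie` and `login` helpers are hypothetical names; only the `_SID_` cookie name comes from the thread.

```python
import secrets
from http.cookies import SimpleCookie

# Hypothetical in-memory session store (sid -> session data) for this example.
SESSIONS = {}


def new_session(data=None):
    """Create a session under a fresh, unpredictable identifier."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = dict(data or {})
    return sid


def sid_cookie(sid, secure):
    """Build the Set-Cookie value for the _SID_ cookie."""
    cookie = SimpleCookie()
    cookie["_SID_"] = sid
    cookie["_SID_"]["path"] = "/"
    if secure:
        # Browser will only return this cookie over TLS connections.
        cookie["_SID_"]["secure"] = True
    return cookie["_SID_"].OutputString()


def login(old_sid, user, password, check_password, over_tls):
    """Authenticate and rotate the session.

    check_password is a caller-supplied verifier (assumption: it does the
    real credential check). Returns (new_sid, set_cookie_value) on success
    and (None, None) on failure, leaving the old session untouched.
    """
    if not over_tls or not check_password(user, password):
        return None, None
    # Drop the pre-login session so an identifier that existed before
    # authentication is never promoted to an authenticated one.
    SESSIONS.pop(old_sid, None)
    sid = new_session({"user": user})
    return sid, sid_cookie(sid, secure=True)


if __name__ == "__main__":
    # Constructed credentials, for demonstration only.
    verifier = lambda u, p: (u, p) == ("alice", "correct horse")
    anonymous = new_session()
    print(login(anonymous, "alice", "correct horse", verifier, over_tls=True))
```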
