On 1/31/07, mark hellewell <[EMAIL PROTECTED]> wrote:
and was wondering why the auth cookie is deleted from the request every
time?


The cookie information is removed from the request, the cookie itself
still remains in the browser cookie store for the next request. I
assume that removing it keeps other Zope code (which may be untrusted)
from snooping on that information. In other words, it's a security
measure.

--
Martijn Pieters
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to