Hi, sounds plausible, thanks for the reply :)


On 2/1/07, Martijn Pieters <[EMAIL PROTECTED]> wrote:

On 1/31/07, mark hellewell <[EMAIL PROTECTED]> wrote:
> and was wondering why the auth cookie is deleted from the request every
> time?

The cookie information is removed from the request, the cookie itself
still remains in the browser cookie store for the next request. I
assume that removing it keeps other Zope code (which may be untrusted)
from snooping on that information. In other words, it's a security

Martijn Pieters

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to