[Phplib-users] Re: more on session fixation...
From: Giancarlo <gia...@na...> - 2003-03-03 23:40:35
> whenever you carry some token-credential in your headers, eg a
> session cookie that grants authentication, it is safe to travel
> inside the SSL tunnel. And stick to it.
> My question is: whose task is it to prevent the user exiting the SSL

In a perfect setup world, all links should be relative then? What about images? Shouldn't it be desirable to bind the (https) protocol to the authenticated session and log out in case it is lost?

I am telling this because I obviously advanced from the get/cookie stall ;-)

G
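
One way to bind an authenticated session to HTTPS and log out when the binding is lost, as raised in the message above. This is an added example, not code from the thread or from PHPLIB: it uses PHP's native session functions (PHP 7.3 or later), the key `bound_to_https` and the function names are hypothetical, and it assumes PHP terminates TLS itself rather than sitting behind a proxy.

```php
<?php
// Added example: native PHP sessions, not PHPLIB's Session/Auth classes.

// True when the current request arrived over TLS. Assumes PHP terminates TLS
// itself; behind a TLS-terminating proxy this check must be adapted.
function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Call before session_start(): the Secure attribute tells the browser never
// to send the session cookie over plain HTTP.
function configure_session_cookie(): void
{
    session_set_cookie_params([
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
        'path'     => '/',
    ]);
}

// Call at login, after the credentials have been verified.
function mark_authenticated(string $user): void
{
    session_regenerate_id(true);          // fresh id: defeats a fixated one
    $_SESSION['user'] = $user;
    $_SESSION['bound_to_https'] = true;   // hypothetical key name
}

// Call on every request. Returns the user name, or null after logging out.
function enforce_https_binding(array $server): ?string
{
    if (empty($_SESSION['bound_to_https'])) {
        return null;                      // not authenticated
    }
    if (!request_is_https($server)) {
        // The authenticated session was seen outside the tunnel: log out.
        $_SESSION = [];
        session_destroy();
        return null;
    }
    return $_SESSION['user'];
}

configure_session_cookie();
session_start();
$user = enforce_https_binding($_SERVER);
```

With the Secure attribute set, a browser will not send the cookie over HTTP at all, so the server-side check mainly matters when the session id can also travel in the URL.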