>>Does that mean you are using 'Basic' authentication?
>>AFAICS, that means everything should go over HTTPS - something we want to avoid........
>
>No, https is not required for enabling a cookie.
Not required - but less secure without ?
>Basic authentication is also not in place as this would require to use a pre-defined database setup to be able to negotiate with that or intercept at high level the HTTP layer to validate against your own database with your actual application.
Don't you have to authenticate before issuing the cookie IAC ?
Précédent
Suivant
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement