Environment versions
Network:
Windows 2003 Server
>>I think MS missed the boat by using the mangled URL as alternative. Having the cookie stored within normal payload data would have been better - even down to allowing new, encrypted non-diskable cookies to be updated via HTTPS:// rest without breaking too much other architecture.
>
>Yes, this is exactly my point. If it would have been simply added in the query string, I would have been ok with that. At first, this is what I thought it was. Today, when I started to look at this, this is where I realized "Oh, is that really what the URL would look like".
It looks like that on your browser (and may be visible in the same way in browser history) - but with https it's encrypted over the wire.
In that respect I don't see it as being any less secure than cookies.