Implement Secure Cookie Sessions #139
Comments
Chasing that link, it's been published as an RFC https://datatracker.ietf.org/doc/rfc6896/ with the caveat:
Sure, but there is no RFC, so this is more of a "best practices" document, which is the best we can do. If you know of better ways to have cookies that avoid replay attacks, etc., we're open to suggestions.
I wasn't complaining; just trying to help someone trying to find the document you point to. The page linked in the issue description doesn't make it obvious where the actual document is. Once I found the document, I added the direct link in my earlier comment. I don't know enough to have an opinion about the value of implementing this in Aspen.
Ah, I see; my original link was to a particular version, which has since been updated. Thanks for the link update!
https://datatracker.ietf.org/doc/draft-secure-cookie-session-protocol/?include_text=1 is the most current spec.