This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

sign our session cookies #1500

Closed
chadwhitacre opened this issue Sep 24, 2013 · 1 comment

Comments

@chadwhitacre
Contributor

We should protect our sessions against MITM and DNS poisoning by signing our session cookies. References:

http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf
http://security.stackexchange.com/questions/7398/secure-session-cookies
AspenWeb/pando.py#139

@chadwhitacre chadwhitacre mentioned this issue Sep 24, 2013
@ghost ghost assigned chadwhitacre Oct 12, 2013
@Changaco
Contributor

The session cookie itself doesn't need to be signed. Signing other cookies is discussed in #715.
