ext_7923 ([identity profile] cjsmith.livejournal.com) wrote in [personal profile] roseembolism 2008-08-20 06:38 pm (UTC)

Good point. Session cookies bad; news at 11. Where I work, we use session cookies unencrypted too, but we also a) don't really have any sensitive info, and b) ask for the previous password when the user wants to change it. This is the first time I've heard of a problem where more sensitive stuff is linked to a single session cookie over a non-encrypted connection; maybe this will alert web types to avoid that kind of design in the future.
