by stoph 5410 days ago
Is there any connection to be made between this article and the usage of signed cookies to hold session state? Database-backed sessions hold a state that you know your application set at one point, but a signed cookie, if forged, could have much bigger ramifications. Since no one gets cryptography right, it seems like this would be another instance not to trust it.
1 comments

Yes.