by shadowfiend 5189 days ago
Notably, this would only happen if you have data in the user's session that the user themselves cannot get to by using the site. I confess I can't think of any such session data, but I suppose it could exist.

And yes, some sort of HMAC is pretty much mandatory if you're going to do client-side session storage securely, no question.
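
An added example, not part of the comment above: a client-side session cookie protected with HMAC-SHA256, showing that the tag makes the cookie tamper-evident while the payload stays readable to whoever holds it. The key, the `payload.tag` cookie layout and all function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real deployment loads a random server-side secret.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _tag(payload: str) -> str:
    mac = hmac.new(SECRET_KEY, payload.encode("utf-8"), hashlib.sha256)
    return _b64(mac.digest())


def encode_session(session: dict) -> str:
    """Serialize the session and append an HMAC-SHA256 tag: payload.tag"""
    payload = _b64(json.dumps(session, sort_keys=True).encode("utf-8"))
    return payload + "." + _tag(payload)


def decode_session(cookie: str):
    """Return the session dict, or None if the cookie is malformed or altered."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None
    # Constant-time comparison of the received tag and the recomputed one.
    if not hmac.compare_digest(tag.encode("utf-8"), _tag(payload).encode("utf-8")):
        return None
    # Only decode the payload after the tag has been verified.
    return json.loads(base64.urlsafe_b64decode(payload))


def read_without_key(cookie: str) -> dict:
    """What the cookie's holder can do: decode the payload with no secret."""
    return json.loads(base64.urlsafe_b64decode(cookie.partition(".")[0]))
```

The HMAC only provides integrity; keeping session contents confidential from the user would additionally require encrypting the payload.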