by lucian1900
4774 days ago
It is often useful to not have to store anything server-side and just round-trip signed data in the cookie. Of course, using a format that can execute code on deserialisation is still a bad idea: a successful attack on the signature should at most let someone impersonate a user, not do anything to an app.
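Added example, not part of the comment above: a sketch of the signed-cookie round trip it describes, with the payload in a data-only format so that even a forged signature yields nothing more than attacker-chosen session values. The choice of JSON and HMAC-SHA256, the `payload.tag` cookie layout, and the names `SECRET_KEY`, `dump_cookie` and `load_cookie` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment loads a random secret.
SECRET_KEY = b"constructed-demo-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()

def dump_cookie(session: dict, key: bytes = SECRET_KEY) -> str:
    """Serialise the session as JSON and append an HMAC tag: payload.tag"""
    payload = json.dumps(session, separators=(",", ":"), sort_keys=True).encode()
    return _b64(payload) + "." + _b64(_mac(payload, key))

def load_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the session dict, or None if the cookie is malformed or forged."""
    try:
        body, sig = cookie.split(".")
        payload, tag = _unb64(body), _unb64(sig)
    except ValueError:  # wrong field count, bad padding, non-ASCII input
        return None
    # Verify the tag before parsing, using a constant-time comparison.
    if not hmac.compare_digest(tag, _mac(payload, key)):
        return None
    try:
        session = json.loads(payload)
    except ValueError:  # invalid JSON or invalid UTF-8
        return None
    # json.loads only ever builds dicts, lists, strings, numbers, bools, None:
    # a cookie signed with a stolen key changes who the user appears to be,
    # but cannot make the parser run code.
    return session if isinstance(session, dict) else None
```
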