
Implement Secure Cookie Sessions

Open pjz opened this issue 12 years ago • 4 comments

https://datatracker.ietf.org/doc/draft-secure-cookie-session-protocol/?include_text=1 is the most current spec.

Jan 16 '13 04:01 pjz

Chasing that link, it's been published as an RFC https://datatracker.ietf.org/doc/rfc6896/ with the caveat:

This document is not an Internet Standards Track specification;
it is published for informational purposes.

Jun 01 '13 11:06 bruceadams

Sure, but there is no RFC, so this is more of a "best practices" document, which is the best we can do. If you know of better ways to have cookies that avoid replay attacks, etc., we're open to suggestions.

Jun 01 '13 11:06 pjz

I wasn't complaining; just trying to help someone trying to find the document you point to.

The page linked in the issue description doesn't make it obvious where the actual document is. Once I found the document, I added the direct link in my earlier comment.

I don't know enough to have an opinion about the value of implementing this in Aspen.

Jun 01 '13 13:06 bruceadams

Ah, I see; my original link was to a particular version, which has since been updated. Thanks for the link update!

Jun 04 '13 14:06 pjz