Todd Wolfson

This was very close to being correct but we were encountering issues when the cookie had never been originally set. It looks like we had to correct the line: ```...

@rchekaluk is right. For me specifically, signing is to prevent brute force guessing someone else's session identifier For example attacker can guess aaaaa, aaaab, aaaac with different cookies With signing,...

Ah, you're right. That's a good point. Now that I think about it, maybe I wanted to use signing to prevent timing attacks With a normal database lookup (and no...

I might be misunderstanding you but it sounds like you're implying hashing and time constant comparisons are somehow slower than other methods Yes, rate limiting is great but timing attacks...

Yes, as more characters match, then the response time will increase -- this would allow the attacker to clue in that they have more correct starting characters This is less...

For Travis CI, we might be able to run the formatter then diff to see if there are changes/not. If there are changes (i.e. formatter wasn't run since last commit),...

If anyone else is still waiting for this to land, a friendly reminder that this patch can be copied via monkey patching: ```js const { Resizable, ResizableBox } = require('react-resizable');...

Unfortunately, `nw.js` has a custom Chromedriver server which searches for `nw`/`nw.exe`: https://github.com/nwjs/nw.js/wiki/Chromedriver which results in none of the proposed modules working. The reason for requesting these repos to be bundled...

Ah, if that's the case then we might be able to request the `nw` flavor of Chromedriver as a download option in https://github.com/pose/webdriver-manager

As a heads up, we really want to set `--chrome false` on the CLI. Otherwise, the Chromedriver's will overwrite each other =/ ``` bash webdriver-manager update --standalone true --chrome false...