Re: Linking a cookie to an IP address is a very bad in 2015...

On 2 April 2015 at 09:11, Zhong Yu <> wrote:
> The server can bind state to the TLS
> session; there's no need for an HTTP cookie, if the site is HTTPS
> only.

I always recommend against that.  Connections break.

Received on Thursday, 2 April 2015 16:20:02 UTC