- From: Timothy D. Morgan <tmorgan@vsecurity.com>
- Date: Fri, 5 Feb 2010 10:41:31 -0800
Hello,

Not long ago I published a paper which makes some observations about the state of security in web session management and proposes some small changes in browsers. Someone suggested I post it here for comments. See:

http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf

I'm currently most interested in feedback on the proposed change in 401 behavior vs the possible header addition for log outs. I realize the WHATWG may not mess with stuff at the HTTP level much, but I definitely welcome any comments.

Regards,
tim
Received on Friday, 5 February 2010 10:41:31 UTC