[Zope] CookieCrumbler and __ac
Martijn Pieters
mj at zopatista.com
Thu Feb 1 05:35:27 EST 2007
On 1/31/07, mark hellewell <mark.hellewell at gmail.com> wrote:
> and was wondering why the auth cookie is deleted from the request every
> time?
The cookie information is removed from the request; the cookie itself
still remains in the browser cookie store for the next request. I
assume that removing it keeps other Zope code (which may be untrusted)
from snooping on that information. In other words, it's a security
measure.
--
Martijn Pieters
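
The behaviour described in the reply above, as an added example that is not part of the original post and not CookieCrumbler's own code: a simplified model in which a trusted hook consumes the `__ac` cookie and removes it from the parsed request before later code runs. The `Request` class, the function names and the base64 `user:password` token format are assumptions made for the illustration.

```python
import base64

AUTH_COOKIE = "__ac"  # cookie name taken from the thread subject


class Request:
    """Constructed stand-in for a per-request object; not Zope's HTTPRequest."""

    def __init__(self, cookie_header):
        self.cookies = {}
        for part in cookie_header.split(";"):
            name, sep, value = part.strip().partition("=")
            if sep:
                self.cookies[name] = value
        self.auth_user = None  # set only by the trusted hook below


def authenticate_and_scrub(request, check_password):
    """Trusted hook: consume the auth cookie, then drop it from the request."""
    # pop() removes the credential from the parsed request whether or not it
    # validates, so code that runs later in the request never sees it.
    token = request.cookies.pop(AUTH_COOKIE, None)
    if token is None:
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")
    if not sep or not check_password(user, password):
        return False
    request.auth_user = user
    return True


def untrusted_view(request):
    """Stands in for later, possibly untrusted code inspecting the request."""
    return sorted(request.cookies)


def demo(check_password):
    # Constructed sample header. The browser keeps its cookie, so the same
    # header arrives again on the next request; only the parsed copy is scrubbed.
    token = base64.b64encode(b"alice:s3cret").decode("ascii")
    header = "theme=dark; %s=%s" % (AUTH_COOKIE, token)
    results = []
    for _ in range(2):  # two consecutive requests from the same browser
        req = Request(header)
        ok = authenticate_and_scrub(req, check_password)
        results.append((ok, req.auth_user, untrusted_view(req)))
    return results
```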