[Catalyst] warning
Wade.Stuart at fallon.com
Wade.Stuart at fallon.com
Wed Jan 23 18:57:06 GMT 2008
"Octavian Rasnita" <orasnita at gmail.com> wrote on 01/23/2008 12:23:48 PM:
> From: <Wade.Stuart at fallon.com>
> >
> > Try setting the cookie to a more reasonable second count (1 day)
and
> > see if that resolves your issue. All of the browsers handle extended
> > cookies a bit differently and while one setting may work on IE, the
smae
> > may cause a nocookie on firefox. I really believe your problem is one
of
> > cookie expiration (or content length) and not one where you have to
mess
> > around setting the domain again (that problem is solved for you -- stop
> > looking for zebras).
>
> But if I do that and a client will close the browser without logging off,
> somebody else could open the browser and the app will recognize him as
the
> owner of the account, so it could be a big security issue.
> That's why I need to have cookies which are not saved and used after the
> browser was closed.
>
> Can I set the expiry date and avoid that security risk?
>
> Thank you.
>
> Octavian
Octavian, diagnose the issue. See if setting the cookie to a reasonable
second count fixes the issue. See if it is a expiry issue or something
else. I am not asking you to redesign your app -- just pinpoint the issue
without assuming it is the domain setting in the cookie.
More information about the Catalyst
mailing list