Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove expiration attribute from zlux session cookie #81

Closed
1000TurquoisePogs opened this issue Apr 2, 2019 · 0 comments

Comments

@1000TurquoisePogs
Copy link
Contributor

commented Apr 2, 2019

Cookies with an expiration attribute are likely to be stored on-disk, which is less secure than them being kept in-memory.
If the expiration attribute is removed, then we get better browser behavior, and hopefully we can still mark cookies as invalid when they arrive at the server just by tracking the lifetime of them from within the server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.