[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Re: Cookies at XML Europe 2004 -- Call for Participation

• To: Joshua Allen <joshuaa@m...>
• Subject: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• From: Rich Salz <rsalz@d...>
• Date: Mon, 05 Jan 2004 15:48:32 -0500
• Cc: Elliotte Rusty Harold <elharo@m...>, Edd Dumbill <edd@u...>,David Kunkel <DKunkel@i...>, XML-DEV <xml-dev@l...>
• In-reply-to: <0E36FD96D96FCA4AA8E8F2D199320E529FBC22@R...>
• References: <0E36FD96D96FCA4AA8E8F2D199320E529FBC22@R...>
• User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507

> The login token stored in the cookie can always be embedded in the URL
> path, which is what ASP.NET does when you set the "cookieless auth"
> setting to true.  I've also done this in non-ASP systems

Yeah, I explicitly ignored that kind of thing since it seems it would be 
  an even greater violation of REST, and Elliotte "RESTy" Harold's :) 
initial point.

	/r$
-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

• References:
  • RE: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: "Joshua Allen" <joshuaa@m...>

• Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by Date: RE: Formalism and complexity
• Previous by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
• Index(es):
  • Date
  • Thread