[ProgSoc] I am very interested in you!

Peter Dolkens peter.dolkens at ddrit.com
Thu Sep 2 20:41:27 EST 2010


http://guides.rubyonrails.org/security.html

Some of the concepts discussed in here should help you.

On Wed, Sep 1, 2010 at 12:36 AM, Peter Dolkens <peter.dolkens at ddrit.com> wrote:

> With the token system, there's no need to send an explicit logout
> instruction; removing the cookie removes the token and effectively logs you
> out.
>
> Yes, you should probably send back "oh hey, this session is over" for
> security reasons just in case someone tries to steal the cookie, but fact is,
> the second your cookie's gone, you're not logged in any more.
>
>
> On Mon, Aug 30, 2010 at 6:58 PM, Noah O'Donoghue <noah.odonoghue at gmail.com> wrote:
>
>> On Sunday, August 29, 2010, Tomislav Bozic <tomchristmas at progsoc.org>
>> >When you log out, the session is terminated (by sending an empty
>> > cookie) and authentication stops.
>>
>> Surely you couldn't send a blank cookie or it wouldn't know who to log
>> out?
>>
>> -Noah
>>
>
>
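An added example, not part of the original thread or of the Rails guide linked above: it contrasts the two logout styles discussed here, dropping the cookie in the browser only versus sending the token with the logout request so the server can revoke it. `SessionStore` and its methods are hypothetical names, and the copied cookie is a constructed stand-in for a stolen one.

```ruby
require 'securerandom'

# Hypothetical in-memory session store (assumed names, not a Rails API).
class SessionStore
  def initialize
    @sessions = {} # token => user name
  end

  # Issue a fresh random token on login; this value goes into the cookie.
  def login(user)
    token = SecureRandom.hex(32)
    @sessions[token] = user
    token
  end

  # Resolve a presented cookie value to a user, or nil if unknown or revoked.
  def authenticate(token)
    token && @sessions[token]
  end

  # Server-side logout: the request still carries the token, so the server
  # knows which session to revoke. Returns the cookie value to send back.
  def logout(token)
    @sessions.delete(token)
    '' # empty cookie replaces the token in the browser
  end
end

# Runs both logout styles and reports who the browser's cookie and a copy
# of the old cookie authenticate as afterwards.
def replay_after_logout
  store = SessionStore.new

  # Case 1: the browser just drops its cookie; the server is never told.
  token = store.login('alice')
  copied = token.dup   # constructed stand-in for a stolen cookie
  browser_cookie = nil # client-side removal only
  client_only = [store.authenticate(browser_cookie), store.authenticate(copied)]

  # Case 2: the browser sends the token with the logout request.
  token = store.login('alice')
  copied = token.dup
  browser_cookie = store.logout(token)
  server_side = [store.authenticate(browser_cookie), store.authenticate(copied)]

  { client_only: client_only, server_side: server_side }
end

p replay_after_logout
```

In the first case the browser is logged out but the copied token still resolves to the user; only the server-side revocation makes the copy useless.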

