[Owasp-leaders] jowasp.org

Jim Manico jim.manico at owasp.org
Thu Aug 28 06:38:51 UTC 2014


There are no need for domain cookies or cross-domain anything. I'll go 
the "java.owasp.org" route. All good.

Aloha,
Jim

On 8/27/14, 11:35 PM, Achim wrote:
> Am 28.08.2014 03:24, schrieb Kevin W. Wall:
>> but just change it so that it uses domain cookies rather than site
>> cookies.
> NO!
>
> Please don't do that.
> OWASP tries to teach people security, and domain cookies are a insecure solution there.
>
> Achim
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the OWASP-Leaders mailing list