Closed LucaCinquini closed 8 years ago
The user openid is stored in a cookie which currently is not secured - it can be sent through HTTP or HTTPS connections.
Done - the openid cookie set by the ORP can now be transmitted only through encrypted connections.
The user openid is stored in a cookie which currently is not secured - it can be sent through HTTP or HTTPS connections.