Closed pitpalme closed 9 years ago
If a user was authenticated once, its state is saved in an encrypted and signed cookie, so password verification is done only once.
The session is configured to be cookie-only, i.e. no persistence and no session data after process restart.
Session encryption and validation keys are elaborated on process startup from random data.
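The scheme described above, as an added example that is not code from this pull request or its project: two independent keys are drawn from the OS random source at startup, session state is encrypted and then authenticated, and a cookie sealed before a restart no longer validates afterwards. The names `Keys`, `NewKeys`, `Seal` and `Open` are hypothetical, and AES-256-CTR with HMAC-SHA256 is an assumed construction, since the description does not name the ciphers or library used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Keys are drawn at startup and kept only in memory: a restart voids every cookie.
type Keys struct{ enc, mac []byte }
func NewKeys() Keys { return Keys{random(32), random(32)} }

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never continue with weak keys or IVs
	}
	return b
}
func (k Keys) tag(body []byte) []byte {
	m := hmac.New(sha256.New, k.mac)
	m.Write(body)
	return m.Sum(nil)
}

// Seal encrypts state with AES-256-CTR, then appends HMAC(IV||ciphertext).
func (k Keys) Seal(state []byte) string {
	block, _ := aes.NewCipher(k.enc) // 32-byte key, cannot fail
	body := append(random(aes.BlockSize), state...)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(body[aes.BlockSize:], body[aes.BlockSize:])
	return base64.RawURLEncoding.EncodeToString(append(body, k.tag(body)...))
}

// Open checks the MAC in constant time before decrypting anything.
func (k Keys) Open(cookie string) ([]byte, error) {
	raw, err := base64.RawURLEncoding.DecodeString(cookie)
	n := len(raw) - sha256.Size
	if err != nil || n < aes.BlockSize || !hmac.Equal(raw[n:], k.tag(raw[:n])) {
		return nil, fmt.Errorf("invalid session cookie")
	}
	block, _ := aes.NewCipher(k.enc)
	cipher.NewCTR(block, raw[:aes.BlockSize]).XORKeyStream(raw[aes.BlockSize:n], raw[aes.BlockSize:n])
	return raw[aes.BlockSize:n], nil
}

func main() { fmt.Println(NewKeys().Open(NewKeys().Seal([]byte("constructed state")))) }
```

Because the keys exist only in process memory, every user has to authenticate again after a restart, and several instances behind a load balancer would not accept each other's cookies.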