Open enasni opened 11 years ago
The method for creating the user session cookie is not creating secure cookies. This allows for the cookie to be modified on the client side.
Suggest using the ".signed" method when issuing client side cookies.
The method for creating the user session cookie is not creating secure cookies. This allows for the cookie to be modified on the client side.
Suggest using the ".signed" method when issuing client side cookies.