Open bblfish opened 8 years ago
Check that the setting of cookies follows same-origin policies correctly, following the discussion on the WebAppSec mailing list, summarized in the "A view on SOP" Wiki.
Session cookies are encrypted in Play.
The issue here may be to make sure the cookies don't leak out of https, or even the origin domain.
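One way to check for the two leaks named in the issue (cookies leaving HTTPS, cookies leaving the origin host), as an added example that is not part of the original issue or the project's code. It audits `Set-Cookie` header values; `PLAY_SESSION` is Play's default session cookie name, and the cookie values and domain are constructed sample data.

```python
# Added example: flag Set-Cookie headers whose scope is wider than the HTTPS origin host.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (cookie name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_set_cookie(header):
    """Return the findings for one Set-Cookie header value."""
    _name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain http.
        findings.append("no-secure")
    if attrs.get("domain"):
        # A Domain attribute makes the cookie visible to every subdomain;
        # omitting it keeps the cookie host-only.
        findings.append("domain-scoped")
    return findings


def audit_response(set_cookie_headers):
    """Map cookie name -> findings for every Set-Cookie header of a response."""
    return {parse_set_cookie(h)[0]: audit_set_cookie(h) for h in set_cookie_headers}


if __name__ == "__main__":
    # Constructed sample headers.
    sample = [
        "PLAY_SESSION=abc123; Path=/; HttpOnly",
        "prefs=dark; Domain=.example.org; Path=/; Secure",
        "PLAY_FLASH=ok; Path=/; Secure; HttpOnly",
    ]
    for cookie, findings in audit_response(sample).items():
        print(cookie, findings or "ok")
```

Even a host-only cookie is shared across ports on the same host, so cookie scope stays coarser than an origin.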