read-write-web / rww-play

read write web Play

cookies and SOP #160

Open bblfish opened 8 years ago

bblfish commented 8 years ago

Check that the setting of cookies follows same-origin policies correctly, following the discussion on the WebAppSec mailing list, and summarized in the A view on SOP wiki.

bblfish commented 8 years ago

Session cookies are encrypted in Play.

The issue here may be to make sure the cookies don't leak out of https, or even the origin domain.
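The two leaks named in the comment above, a cookie travelling over plain http and a cookie scoped wider than the origin host, are both visible in the `Set-Cookie` header, so they can be audited from a response without touching the application. The following Python checker is an added example, not code from the rww-play project or Play itself; it parses a `Set-Cookie` header and reports a missing `Secure` flag (cookie would be sent over http), a `Domain` attribute that is a parent of the origin host (cookie would be sent to every sibling subdomain), and, going one step beyond the comment, a `SameSite` value that lets the cookie ride on cross-site requests. The sample headers are constructed; `PLAY_SESSION` is Play's default session cookie name, and the host names are made up.

```python
"""Audit Set-Cookie headers for scope leakage relative to the issuing origin.

Added example; sample headers below are constructed, not captured from rww-play.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class CookieAudit:
    name: str
    findings: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.findings


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split 'name=value; Attr=val; Flag' into (name, value, {attr: val}).

    Attribute names are lower-cased; bare flags (Secure, HttpOnly) map to "".
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header: str, origin_host: str, origin_scheme: str = "https") -> CookieAudit:
    """Report ways this cookie could be sent beyond the https origin that set it."""
    name, _value, attrs = parse_set_cookie(header)
    audit = CookieAudit(name)
    host = origin_host.lower()

    # Leak 1: without Secure the browser also attaches the cookie to http:// requests.
    if origin_scheme == "https" and "secure" not in attrs:
        audit.findings.append("missing Secure: cookie will also be sent over plain http")

    # Leak 2: a Domain attribute naming a parent domain widens scope to every subdomain.
    # With no Domain attribute the cookie is host-only, which is the tightest scope.
    domain = attrs.get("domain")
    if domain:
        scope = domain.lower().lstrip(".")
        if scope != host:
            if host.endswith("." + scope):
                audit.findings.append(f"Domain={domain} widens scope to all subdomains of {scope}")
            else:
                audit.findings.append(f"Domain={domain} does not match origin host {origin_host} (browser rejects it)")

    # Beyond the comment: SameSite=Lax/Strict keeps the cookie off cross-site requests.
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        audit.findings.append("SameSite not Lax/Strict: cookie is sent on cross-site requests")

    return audit


if __name__ == "__main__":
    # Constructed sample headers for a fictional origin https://rww.example.org
    samples = [
        "PLAY_SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
        "PLAY_SESSION=abc123; Path=/; Domain=.example.org",
    ]
    for hdr in samples:
        result = audit_set_cookie(hdr, "rww.example.org")
        status = "OK " if result.ok else "BAD"
        print(f"{status} {result.name}: {'; '.join(result.findings) or 'scoped to origin'}")
```

Run it against the headers of a real response (for example, the values of every `Set-Cookie` header returned by a login) with the host the response came from; the checker deliberately treats the absence of a `Domain` attribute as the good case, because a host-only cookie is exactly the origin-scoped behaviour the comment asks for.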