[ProgSoc] I am very interested in you!
peter.dolkens at ddrit.com
Thu Sep 2 20:41:27 EST 2010
<http://guides.rubyonrails.org/security.html>Some of the concepts discussed
in here should help you.
On Wed, Sep 1, 2010 at 12:36 AM, Peter Dolkens <peter.dolkens at ddrit.com>wrote:
> With the token system, there's no need to send an explicit logout
> instruction, removing the cookie, removes the token, effectively logs you
> Yes you should probably send back "oh hey, this session is over" for
> security reasons just incase someone tries to steal the cookie, but fact is,
> the second your cookie's gone, you're not logged in any more.
> On Mon, Aug 30, 2010 at 6:58 PM, Noah O'Donoghue <noah.odonoghue at gmail.com
> > wrote:
>> On Sunday, August 29, 2010, Tomislav Bozic <tomchristmas at progsoc.org>
>> >When you log out, the session is terminated (by sending an empty
>> > cookie) and authentication stops.
>> Surely you couldn't send a blank cookie or it wouldn't know who to log
>> Progsoc mailing list
>> Progsoc at progsoc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Progsoc