idp.session.consistentAddress and real security implications.
putmanb at georgetown.edu
Mon Apr 25 16:03:33 EDT 2016
On 4/25/16 3:55 PM, Cantor, Scott wrote:
>> For that reason, the info I found recommended that local storage not be
>> used for the storage of any security-sensitive info, so as OAuth security
>> tokens or any other kind of bearer token, and of course not passwords,
>> secrets, etc.
> And cookies are the original bearer token and are obviously vulnerable, which is where we came in.
True. The articles I read however argued that in general cookies are
still more secure and a better choice for security info since, unlike
local storage, you can and should set HttpOnly and thereby at least