idp.session.consistentAddress and real security implications.

Cantor, Scott cantor.2 at
Mon Apr 25 16:05:15 EDT 2016

> True.  The articles I read however argued that in general cookies are still
> more secure and a better choice for security info since, unlike local storage,
> you can and should set HttpOnly and thereby at least prevent the Javascript
> XSS vectors.

That is about the saddest thing I've read in a while.

-- Scott

More information about the users mailing list