idp.session.consistentAddress and real security implications.
putmanb at georgetown.edu
Mon Apr 25 17:05:35 EDT 2016
On 4/25/16 4:05 PM, Cantor, Scott wrote:
>> True. The articles I read however argued that in general cookies are still
>> more secure and a better choice for security info since, unlike local storage,
>> XSS vectors.
> That is about the saddest thing I've read in a while.
I'm not saying that they're right, only reporting what my (probably
small) sampling seemed to agree on. Still trying to understand all the
issues myself. There's a tradeoff either way: with local storage you
there's the problem with binding it to the browser and legitimate user.