- Jan 17, 2008
Graham Cole authored
Graham Cole authored
Graham Cole authored
Graham Cole authored
- Jan 16, 2008
Graham Cole authored
Graham Cole authored
Graham Cole authored
- Begin to stop it being so logout happy for ordinary users who aren't doing anything particularly sensitive on the site by keeping track of when a user was last asked for credentials
- Don't continue to use the same session identifier once a user is logged in; it's likely been sent insecurely
- Mark session cookies as "SSL only" once logged in
- Automatically bump users from HTTP to HTTPS for all requests whilst they're logged in
- Dec 14, 2007
Graham Cole authored
Graham Cole authored
- Nov 26, 2007
Denis Walker authored
Denis Walker authored
Denis Walker authored