Quote:
Originally Posted by whalt
The only problem is that cookies are passed as text in the clear so anyone snooping would be able to fake the cookie pretty easily.
|
Yes, but if the authentication token is hashed against the current time, and expired as soon as it's accepted, it shouldn't matter. It's disposable.