[dokuwiki] cookies
- From: Jason Keltz <jas@xxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 26 Sep 2007 09:22:38 -0400
All this discussion about cookies is making me hungry! :)
However, I too have a question re: cookies with respect to DokuWiki.
Presently, I use https for my DokuWiki sites in order to protect
usernames and passwords, many of which would be sent in the clear over
untrusted (wireless) networks. However, I believe that https is slowing
down the site. I've seen cases where sites (including say, orkut.com)
do https login, and then redirect to http. My question is -- can I do
something like this in DokuWiki? More importantly, how could I prevent a
session from being hijacked given that a hacker could snoop the cookie,
and steal the session of a logged in user without the use of their
username/password? (It seems like this is just a general web problem,
for which, there may very well be no solution...)
Jason.
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts: