Hacker News new | past | comments | ask | show | jobs | submit login

Upgrading cookies is a bad idea. Revoking them and requiring reauthentication is better. See the talk I gave at Google on web crypto where I talk about exactly that situation.

http://rdist.root.org/2009/08/06/google-tech-talk-on-common-...

Your last paragraph shows you now have better understanding of this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: