> This comment displays a worrying misunderstanding of web security. Sending passwords (or credit card numbers or other scary stuff) in plaintext over the wire is bad
What are you talking about? Who said anything about plaintext? And no one said anything about sessions either.
If you're submitting to the server in plaintext, then returning in plaintext is no less secure, but you're stupid for not submitting over https which is free.
If you're submitting to the server over https then it's definitely no less secure to return the data.
What are you talking about? Who said anything about plaintext? And no one said anything about sessions either.
If you're submitting to the server in plaintext, then returning in plaintext is no less secure, but you're stupid for not submitting over https which is free.
If you're submitting to the server over https then it's definitely no less secure to return the data.