Mastodon Feed: Post

Mastodon FeedNov 21, 2024, 8:59 PM

Reblogged by slightlyoff@toot.cafe ("Alex Russell"):

lcamtuf@infosec.exchange ("lcamtuf :verified: :verified: :verified:") wrote:

There's a good blog post from @april about cookie parsing: https://grayduck.mn/2024/11/21/handling-cookies-is-a-minefield/

And I guess it's time to dust off my broader, 2010 rant about the same: https://lcamtuf.blogspot.com/2010/10/http-cookies-or-how-not-to-design.html

Some things have improved, but cookies are still a bit of a design fail.