You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by gi...@git.apache.org on 2017/09/30 18:08:27 UTC

[GitHub] realulim commented on issue #844: Security: Provide a Way to Delete Cookies

realulim commented on issue #844: Security: Provide a Way to Delete Cookies
URL: https://github.com/apache/couchdb/issues/844#issuecomment-333325891
 
 
   Ok, then I have misunderstood how the procedure works. I thought stateless meant that they are not related to a user session, i. e. the server does not keep state. So if the server does not store the tokens, an attacker can use them indefinitely? In terms of security they are equivalent to the username/password combination then?
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services