[Cosmo-dev] CMP and AJAX
Brian Moseley
bcm at osafoundation.org
Thu Sep 21 16:49:37 PDT 2006
On 9/21/06, Matthew Eernisse <mde at osafoundation.org> wrote:
> The cookie option is probably even worse than a JS variable, since
> cross-site shenanigans could in theory give malicious people access to
> that cookie. There's also a nice GUI you can use to look at all the
> cookies set in a browser. Poking around for a variable with a JS shell
> would at least require some facility with programming and knowledge of
> the source code.
yea, but the issue is storing the credentials from the point when they
are submitted on the login screen, across the page refresh to the next
screen, at which point the credentials are needed by ajax requests.
where does the login screen put the credentials so that the next
screen can see them?
More information about the cosmo-dev
mailing list