[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
cookie verification
RFC 2408 in Section 2.5.3 contains few MUSTs as well as recommendations
for cookie generation. I am not clear on the "verification of cookie"
part, which is the whole reason for not simply selecting a random number
for cookies value.
Could someone explain the "standard" technique of generation and
especially subsequent verification of cookies? Does anyone uses this
technique and verifies other vendor cookies?
Follow-Ups: