[pubcookie-dev] RE: latest mod_pubcookie.c changes, 1.188

[Nathan Dors]

> We also ought to clear the session cookie if it cannot be decoded -
> just like we do now for the granting cookie.  If I have a bogus
> session cookie (am using post method) I get infinite loop through
> the login server due to the bogus session never getting cleared.

To what cookie domain was this bogus session cookie scoped?

-Nathan