[pubcookie-dev] RE: latest mod_pubcookie.c changes, 1.188
dors at cac.washington.edu
Fri Oct 28 15:59:27 PDT 2005
> We also ought to clear the session cookie if it cannot be decoded -
> just like we do now for the granting cookie. If I have a bogus
> session cookie (am using post method) I get infinite loop through
> the login server due to the bogus session never getting cleared.
To what cookie domain was this bogus session cookie scoped?
More information about the pubcookie-dev