nanog mailing list archives
Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)
From: Matt Palmer <mpalmer () hezmatt org>
Date: Fri, 18 Jan 2013 09:38:53 +1100
[Cookies on stat.ripe.net]

On Wed, Jan 16, 2013 at 11:36:25AM -0800, Shrdlu wrote:
> The cookie stays around for a YEAR (if I let it), and has the following
> stuff:
>
> Name: stat-csrftoken
> Content: 7f12a95b8e274ab940287407a14fc348

[...]

> To your credit, you only ask once, but you ought to ask zero times.

CSRF protection is one of the few valid uses of a cookie. It shouldn't need to be set on every page, though, and it should be cleared immediately after the form submission. It's typically a lot easier in the site code just to set it once and be done with it.

By the way, if anyone *does* know of a good and reliable way to prevent CSRF without the need for any cookies or persistent server-side session state, I'd love to know how. Ten minutes with Google hasn't provided any useful information.

- Matt
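The cookie handling described in the message above (token set only for the form, cleared right after submission), sketched in Python as a double-submit check. This is an added example, not part of the original message or of the site's code; the `csrf_token` field name, the `/feedback` path and both function names are assumptions.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE = "stat-csrftoken"  # cookie name quoted in the thread
FIELD = "csrf_token"       # hypothetical hidden form field name


def render_form(path="/feedback"):
    """Issue a fresh token only on the page that carries the form."""
    token = secrets.token_hex(16)
    c = SimpleCookie()
    c[COOKIE] = token
    c[COOKIE]["path"] = path          # not sent with requests for other pages
    c[COOKIE]["secure"] = True
    c[COOKIE]["httponly"] = True      # the page gets the token via the form field
    c[COOKIE]["samesite"] = "Strict"
    # No Max-Age/Expires: a session cookie instead of a year-long one.
    headers = [("Set-Cookie", c[COOKIE].OutputString())]
    body = f'<input type="hidden" name="{FIELD}" value="{token}">'
    return headers, body


def handle_submit(cookie_header, form, path="/feedback"):
    """Accept the POST only if cookie and form field carry the same token."""
    jar = SimpleCookie(cookie_header or "")
    sent = jar[COOKIE].value if COOKIE in jar else ""
    field = form.get(FIELD, "")
    ok = bool(sent) and hmac.compare_digest(sent.encode(), field.encode())
    # Expire the cookie whether or not the check passed: one token, one submission.
    c = SimpleCookie()
    c[COOKIE] = ""
    c[COOKIE]["path"] = path
    c[COOKIE]["max-age"] = 0
    return (200 if ok else 403), [("Set-Cookie", c[COOKIE].OutputString())]
```

A forged cross-site POST fails the comparison because the other site cannot read the cookie value to copy it into the form field.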