X-Git-Url: https://git.distorted.org.uk/~mdw/chopwood/blobdiff_plain/8c4d90a32395301a94508c5e1efee600a3b0c0c8..a6af9c2731b482dbf13fb26224cf5dcae7d757a5:/cookies.fhtml?ds=inline diff --git a/cookies.fhtml b/cookies.fhtml index 4b3019f..f8862b3 100644 --- a/cookies.fhtml +++ b/cookies.fhtml @@ -35,9 +35,9 @@ means).
The cookie contains a token which tells the server that you've logged in -properly. We could have chosen to use a hidden form field to carry this -token about, but that causes other trouble. +
The cookie contains a token which tells the server that you’ve +logged in properly. We could have chosen to use a hidden form field to +carry this token about, but that causes other trouble.
For example, if we used GET requests then the token would appear as part of a URL, where it would end up being written in the location bar of @@ -46,7 +46,7 @@ services; this obviously has an adverse effect on security. Also, the token is kind of long and ugly.
We could avoid this problem by using POST requests everywhere, but -that causes other trouble. In particular, you'd get that annoying +that causes other trouble. In particular, you’d get that annoying
The page that you’re looking for used information that you entered. Returning to hat page might cause any action that you took to be @@ -54,7 +54,7 @@ that causes other trouble. In particular, you'd get that annoyingmessage whenever you hit the reload button. -
If you actually look at the cookie, you find that it looks something like this: @@ -74,30 +74,30 @@ that if UTC had existed back then in its current form).
That's tricky. I could tell you that this program is -free software, and +
That’s tricky. I could tell you that this program is +free software, and that you can ">download its source code and check for yourself. -
That's true, except that it shouldn't do much to convince you that this -server is actually running the code it claims to be. And anyway, Chopwood -itself represents only one of many bits of software which could be keeping -track of you somehow through this cookie. +
That’s true, except that it shouldn’t do much to convince +you that this server is actually running the code it claims to be. And +anyway, Chopwood itself represents only one of many bits of software +which could be keeping track of you somehow through this cookie.
So, really, it comes down to trust. Sorry.
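Review bot: The unchanged context line in the `@@ -46,7 +46,7 @@` hunk reads "Returning to hat page might cause any action that you took to be", where "hat" looks like a typo for "that". Since this change is already a typographic pass over the same paragraph, correct it here as well so the quoted browser message reads properly.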
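Review bot: In the `@@ -74,30 +74,30 @@` hunk the paragraph starting "That’s true, except" is re-wrapped in the same change that replaces the apostrophes, so four lines are removed and four added although only "That's" and "shouldn't" actually differ. Keep the original line breaks, or do the reflow as a separate commit, so the substantive edit to this privacy explanation can be checked word for word without re-reading the whole paragraph.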