From 6f6f20be24c841e61f999a4cff0bb86cf671aa56 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Mon, 13 Feb 2006 02:53:49 +0000
Subject: Updated cookie tutorial.

---
 demos/quickstart/protected/pages/Security/Cookie.page | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/demos/quickstart/protected/pages/Security/Cookie.page b/demos/quickstart/protected/pages/Security/Cookie.page
index 843f99fb..6e95e380 100644
--- a/demos/quickstart/protected/pages/Security/Cookie.page
+++ b/demos/quickstart/protected/pages/Security/Cookie.page
@@ -14,10 +14,18 @@ There are several countermeasures to prevent cookies from being attacked.
   <li>Validate cookie data and detect if they are altered.</li>
 </ul>
 <p>
-Prado implements a cookie validation scheme. It associates cookie data with the target remote host address and user agent. HMAC check is performed to ensure that cookie data is not altered and is sent from the expected source.
+Prado implements a cookie validation scheme that prevents cookies from being modified. In particular, it does HMAC check for the cookie values if cookie validation is enable.
 </p>
 <p>
-Cookie validation is enabled by default. To obtain validated cookie data, retrieve them from the <tt>Cookies</tt> collection of <tt>THttpRequest</tt> by using the following PHP statements,
+Cookie validation is disabled by default. To enable it, configure the <tt>THttpRequest</tt> module as follows,
+</p>
+<com:TTextHighlighter Language="xml" CssClass="source">
+<modules>
+  <module id="request" class="THttpRequest" EnableCookieValidation="true" />
+</modules>
+</com:TTextHighlighter>
+<p>
+To make use of cookie validation scheme provided by Prado, you also need to retrieve cookies through the <tt>Cookies</tt> collection of <tt>THttpRequest</tt> by using the following PHP statements,
 </p>
 <com:TTextHighlighter CssClass="source">
 foreach($this->Request->Cookies as $cookie)
-- 
cgit v1.2.3