From c6cf2568bd186fe46dea6aeefec17e046a595b52 Mon Sep 17 00:00:00 2001 From: xue <> Date: Sun, 12 Feb 2006 02:14:50 +0000 Subject: Updated cookie attack prevention tutorial page. --- .../quickstart/protected/pages/Security/Cookie.page | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'demos/quickstart/protected/pages') diff --git a/demos/quickstart/protected/pages/Security/Cookie.page b/demos/quickstart/protected/pages/Security/Cookie.page index e042f894..843f99fb 100644 --- a/demos/quickstart/protected/pages/Security/Cookie.page +++ b/demos/quickstart/protected/pages/Security/Cookie.page @@ -11,5 +11,24 @@ There are several countermeasures to prevent cookies from being attacked.
+Prado implements a cookie validation scheme. It associates cookie data with the target remote host address and user agent. HMAC check is performed to ensure that cookie data is not altered and is sent from the expected source. +
++Cookie validation is enabled by default. To obtain validated cookie data, retrieve them from the Cookies collection of THttpRequest by using the following PHP statements, +
++To send cookie data encoded with validation information, create new THttpCookie objects and add them to the Cookies collection of THttpResponse, +
+