[cgiapp] enciphered-cookie-only sessions

Michael Peters mpeters at plusthree.com
Tue Mar 11 11:22:18 EDT 2008


Ricardo SIGNES wrote:

> Is your objection just that you don't want me storing anything in your
> browser's cookie jar that isn't plaintext or a serial number?

Also, I'd like to make the point that a good unique session id (like one
generated from mod_unique_id) will be indistinguishable from some encrypted data
or some data structure. They need to be Base64 encoded (or similar) to be used
in HTTP headers anyway, so it's all plain text.

-- 
Michael Peters
Plus Three, LP
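To illustrate the point above, here is an added example (not code from the thread or from CGI::Application): a random session id and an enciphered, MAC-authenticated cookie value side by side, both base64url-encoded so the browser's cookie jar shows the same opaque alphabet for either. The cipher is a CTR-style keystream built from HMAC-SHA256 purely for illustration, not a standard cipher suite; the key names and the `looks_like_opaque_token` helper are assumptions of this example.

```python
# Added example: server-side session id vs. enciphered client-side cookie,
# both delivered as base64url text. Keys below are constructed sample values.
import hmac, hashlib, secrets, base64, json, re

B64URL = re.compile(r'^[A-Za-z0-9_-]+$')   # the alphabet the cookie jar sees

def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b'=').decode()

def unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + '=' * (-len(s) % 4))

def new_session_id(nbytes: int = 16) -> str:
    # Server-side session: the cookie carries only an unguessable handle.
    return b64(secrets.token_bytes(nbytes))

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Illustrative PRF-in-counter-mode keystream (HMAC-SHA256), not AES-CTR.
    out = b''
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, 'big'), hashlib.sha256).digest()
    return out[:n]

def seal_cookie(enc_key: bytes, mac_key: bytes, data: dict) -> str:
    # Client-side session: encrypt-then-MAC the serialised structure.
    nonce = secrets.token_bytes(16)
    plain = json.dumps(data, separators=(',', ':')).encode()
    ct = bytes(p ^ k for p, k in zip(plain, keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return b64(nonce + ct + tag)

def open_cookie(enc_key: bytes, mac_key: bytes, value: str):
    # Returns the dict, or None when the tag fails (tampered or forged cookie).
    try:
        raw = unb64(value)
    except (ValueError, TypeError):
        return None
    if len(raw) < 48:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    want = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    plain = bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))
    return json.loads(plain)

def looks_like_opaque_token(value: str) -> bool:
    # Both kinds of cookie pass this check: same alphabet, no visible structure.
    return bool(B64URL.match(value))
```

Either value passes the same opaque-token check; only the server, holding the keys or the session table, can tell which one it is and whether it is genuine.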


