When used over http, the cookie used to store logged-in session state is easily stolen. While much better than stealing long-term credentials such as username/password used with HTTP Basic auth, this is still bad. The documentation should emphasise the need to arrange for all Ucam Webauth accesses to be over https.
Aborting when not used over https unless a configuration option is explicitly set would be one way to raise awareness of this.
RAVEN019 in master TODO list
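
One way to implement the abort-unless-configured check suggested above, as an added example that is not part of the original issue or the project's code. It assumes a Python WSGI deployment; `require_https`, `allow_insecure_http`, `webauth.secure` and the cookie name `wa_session` are hypothetical.

```python
# Added example; require_https, allow_insecure_http and wa_session are
# hypothetical names, not taken from the Ucam Webauth code base.
from http.cookies import SimpleCookie

SESSION_COOKIE = "wa_session"  # hypothetical cookie name


class InsecureTransportError(RuntimeError):
    """A protected request arrived over plain http without an opt-in."""


def check_transport(environ, allow_insecure_http=False):
    """Return True for https, False for explicitly permitted http, else abort."""
    if environ.get("wsgi.url_scheme", "http") == "https":
        return True
    if allow_insecure_http:
        return False
    raise InsecureTransportError(
        "refusing to authenticate over http; set allow_insecure_http to override"
    )


def session_cookie_header(value, secure):
    """Build the Set-Cookie value; Secure keeps the cookie off http requests."""
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = value
    morsel = cookie[SESSION_COOKIE]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


def require_https(app, allow_insecure_http=False):
    """WSGI wrapper that aborts before any session cookie is read or set."""
    def wrapped(environ, start_response):
        try:
            environ["webauth.secure"] = check_transport(environ, allow_insecure_http)
        except InsecureTransportError as exc:
            body = str(exc).encode("utf-8")
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain; charset=utf-8"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return app(environ, start_response)
    return wrapped
```

Behind a TLS-terminating reverse proxy, `wsgi.url_scheme` reflects the proxy-to-application hop, so the server must be configured to report the client-facing scheme for this check to be meaningful.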