Hi, On Jul 31, 2:38 am, Scott <blueseas...@gmail.com> wrote: > I do not agree with item 1. Session data should never be stored > client-side as it opens a rather large attack vector. Which attack vector exists for signed cookies with a signed timeout compared to just session IDs in cookies? Both can be hijacked by a man in the middle.
Regards, Armin
