Currently the authentication and redirect request cookie "OATMEAL" gets the same
validation and encryption treatement as the identification cookie "CHOCOLATECHIP".

There is no need for that - the cookie contains only obvious information such as timestamp
and redirect location.

It could be argued that not even a cookie is required - only a single URL redirect location parameter.

Comments

coltrane’s picture

coltrane
he/him
commented
Status: Active » Postponed (maintainer needs more info)

Why?

drumm’s picture

drumm
he/him
Location NY, US
commented
Issue summary: View changes
Status: Postponed (maintainer needs more info) » Closed (cannot reproduce)

Closing due to lack of response.