@ReinH @brynary @envygeeks then we agree, session cookies should only be sent via an SSL connection & therefore use the secure flag
Replying to @mattetti
@merbist @reinh @envygeeks yes secure does that. But: Rails will let you make an insecure session today.
Replying to @brynary
@brynary @ReinH @envygeeks so since some endpoints have to be under HTTPS, let's make everything https by default, it's just easier
Replying to @mattetti
@merbist @brynary @envygeeks counterexample: assets over HTTPS are unnecessarily slow. But a smart asset manager could handle this.
Replying to @ReinH
@ReinH @brynary @envygeeks how much slower is Nginx at serving HTTPS static assets?
Replying to @envygeeks
@envygeeks @ReinH @brynary how expensive exactly?
Replying to @mattetti
@merbist @envygeeks @brynary Anecdotally, I remember that TLS termination was a performance problem for large Puppet installations.