On 05/22/2014 10:16 AM, Thomas Bruederli wrote:
We use this to check whether the user's browser supports cookies. If the login request doesn't come with a valid session cookie, we can display a proper warning about disabled cookies. One can argue that this isn't necessary but that's a reason for starting session.
But maybe we can move that check to the redirected page after login.
I think we can check cookie support in javascript on login page.
What about security token, can we have it without session?