call sec_login_handler instead of just sec_generate_session_id_cookie, since otherwise, cryptographically valid session cookie could be used…
Show more
call sec_login_handler instead of just sec_generate_session_id_cookie, since otherwise, cryptographically valid session cookie could be used without a ad_login_cookie
Show less