A few more comments on decoding.

author: Kamil Kisiel <kamil@kamilkisiel.net> 2015-03-18 02:36:01 +0300
committer: Kamil Kisiel <kamil@kamilkisiel.net> 2015-03-18 02:36:01 +0300
commit: a54a6f264e283c7afd37f9d7a772965e7a72408c (patch)
tree: d1736119fd347bac6d3987a0340ca1582d3a34b3 /securecookie.go
parent: 1dea542d129e9ab34ef39cb211bede518064bb25 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/securecookie.go b/securecookie.go
index 99be197..a4e0770 100644
--- a/securecookie.go
+++ b/securecookie.go
@@ -183,6 +183,9 @@ func (s *SecureCookie) Decode(name, value string, dst interface{}) error {
 
 	// setErr saves the error only if there was no previous error.
 	// Otherwise retErr would be overwritten by subsequent errors.
+	// This is used so that a nearly-same codepath is taken on each
+	// decode to help reduce the possibility of timing attacks.
+	// See #15 for details.
 	setErr := func(err error) {
 		if retErr == nil {
 			retErr = err
author	Kamil Kisiel <kamil@kamilkisiel.net>	2015-03-18 02:36:01 +0300
committer	Kamil Kisiel <kamil@kamilkisiel.net>	2015-03-18 02:36:01 +0300
commit	a54a6f264e283c7afd37f9d7a772965e7a72408c (patch)
tree	d1736119fd347bac6d3987a0340ca1582d3a34b3 /securecookie.go
parent	1dea542d129e9ab34ef39cb211bede518064bb25 (diff)