From a54a6f264e283c7afd37f9d7a772965e7a72408c Mon Sep 17 00:00:00 2001
From: Kamil Kisiel
Date: Tue, 17 Mar 2015 16:36:01 -0700
Subject: A few more comments on decoding.
---
 securecookie.go | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'securecookie.go')
diff --git a/securecookie.go b/securecookie.go
index 99be197..a4e0770 100644
--- a/securecookie.go
+++ b/securecookie.go
@@ -183,6 +183,9 @@ func (s *SecureCookie) Decode(name, value string, dst interface{}) error {
 
 // setErr saves the error only if there was no previous error.
 // Otherwise retErr would be overwritten by subsequent errors.
+ // This is used so that a nearly-same codepath is taken on each
+ // decode to help reduce the possibility of timing attacks.
+ // See #15 for details.
 setErr := func(err error) {
 if retErr == nil {
 retErr = err
--
cgit v1.2.3
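Review bot: The new comment above `setErr` explains why errors are collected but not the rule a maintainer has to keep: if the uniform code path is to hold, no decode step may return as soon as it fails, because an early `return err` would bring back the timing difference the comment mentions. I would add a line such as `// Do not return early on failure: run every step, then return retErr at the end.` The rest of Decode lies outside this hunk, so confirm the body really works that way before stating it as fact. `See #15` is ambiguous once the code is mirrored or forked, so a full issue URL would be safer. It would also help to say that this pattern complements a constant-time MAC comparison rather than replacing one, since the comparison itself is not visible here.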