Member to remember


2 Posts   1446 Views

xmedeko

26 August 2007 at 10:02am (Last edited: 26 August 2007 10:16am), Community Member, 94 Posts

Hi,
when the Member is remembered in the browser, the cookie is set in Member::autoLogin(). This cookie is the encoded email and password.

Cookies are unsafe in general, but a slightly better option is to put some random hash into the cookie, because users tend to use the same password for multiple accounts. The cookie can be a pair email:hash, and then the hash need not necessarily be unique.
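A sketch of the email:hash cookie proposed in the post above, as an added example that is not part of the original thread and is not SilverStripe's code. The `RememberMeStore` class, its method names and the in-memory array standing in for a column on Member are all assumptions made for illustration.

```php
<?php
// Added illustration, not SilverStripe code. RememberMeStore and its
// methods are hypothetical; the array stands in for a column on Member.
final class RememberMeStore
{
    /** @var array<string,string> email => SHA-256 of the current token */
    private array $tokenHashes = [];

    // Called at login when "remember me" is ticked; returns the cookie value.
    public function issue(string $email): string
    {
        $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
        $this->tokenHashes[$email] = hash('sha256', $token);
        return $email . ':' . $token;                  // the email:hash pair
    }

    // Called on auto-login. Returns a fresh cookie value, or null to reject.
    public function verify(string $cookie): ?string
    {
        $sep = strrpos($cookie, ':');                  // token is hex, so split on the last ':'
        if ($sep === false) {
            return null;
        }
        $email  = substr($cookie, 0, $sep);
        $token  = substr($cookie, $sep + 1);
        $stored = $this->tokenHashes[$email] ?? null;
        // Lookup is by email, so tokens need not be unique across members.
        if ($stored === null || !hash_equals($stored, hash('sha256', $token))) {
            return null;
        }
        return $this->issue($email);                   // rotate: each token works once
    }

    // Called on logout or password change.
    public function revoke(string $email): void
    {
        unset($this->tokenHashes[$email]);
    }
}

// Constructed sample run.
$store  = new RememberMeStore();
$first  = $store->issue('alice@example.com');
$second = $store->verify($first);                      // first presentation of the cookie
var_dump($second !== null);
var_dump($store->verify($first));                      // the same cookie presented again
$store->revoke('alice@example.com');
var_dump($store->verify($second));                     // presented after logout
```

Only a hash of the token is kept server-side, so a leaked member table does not yield usable cookies, and the password never leaves the login form.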

Markus

27 August 2007 at 2:00am Google Summer of Code Hacker, 152 Posts

That's true.. I fixed this already in the GSoC branch a while ago.. I think this branch will go into the 2.1 version.