
Member to remember


xmedeko

Community Member, 94 Posts

26 August 2007 at 10:02am

Edited: 26/08/2007 10:16am

Hi,
when the Member is remembered in the browser, the cookie is set in Member::autoLogin(). This cookie is the encoded email and password.

Cookies are unsafe in general, but a slightly better option is to put some random hash into the cookie, because users tend to make the same password for more accounts. The cookie can be a pair email:hash, and then the hash need not necessarily be unique.

Markus

Google Summer of Code Hacker, 152 Posts

27 August 2007 at 2:00am

That's true.. I fixed this already in the GSoC branch a while ago.. I think this branch will go into the 2.1 version.
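
The email:hash cookie proposed in the first post, sketched in plain PHP as an added example that is not part of the original thread and is not SilverStripe's code. The function names, the in-memory `$store` standing in for a member table, and the 90-day lifetime are assumptions.

```php
<?php
// Added example: hypothetical helpers, not SilverStripe's API.
// $store stands in for a per-member database row (constructed sample data).

/** Issue the cookie value "email:token". Only a hash of the token is stored. */
function issueRememberToken(array &$store, string $email): string
{
    $token = bin2hex(random_bytes(32));       // 256 random bits, unrelated to the password
    $store[$email] = [
        'hash'    => hash('sha256', $token),  // a leaked table does not yield usable cookies
        'expires' => time() + 90 * 86400,     // assumed 90-day lifetime
    ];
    return $email . ':' . $token;
}

/** Return the member's email if the cookie is valid, otherwise null. */
function checkRememberCookie(array $store, string $cookie): ?string
{
    $pos = strrpos($cookie, ':');             // the token is hex, so the last ':' separates it
    if ($pos === false) {
        return null;
    }
    $email = substr($cookie, 0, $pos);
    $token = (string) substr($cookie, $pos + 1);
    $row   = $store[$email] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null;                          // unknown member, or token expired
    }
    // hash_equals() compares in constant time, so timing does not leak the stored hash
    return hash_equals($row['hash'], hash('sha256', $token)) ? $email : null;
}

/** Call on logout or password change so an old or stolen cookie stops working. */
function revokeRememberToken(array &$store, string $email): void
{
    unset($store[$email]);
}

$store  = [];
$cookie = issueRememberToken($store, 'alice@example.com');
var_dump(checkRememberCookie($store, $cookie));                 // genuine cookie
var_dump(checkRememberCookie($store, 'alice@example.com:' . str_repeat('0', 64))); // guessed token
revokeRememberToken($store, 'alice@example.com');
var_dump(checkRememberCookie($store, $cookie));                 // same cookie after revocation
```

Because the token is random rather than derived from the password, a captured cookie exposes nothing reusable on other sites and can be invalidated without changing the password.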