Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Member to remember




2 Posts   1459 Views

xmedeko

Community Member, 94 Posts

26 August 2007 at 10:02am

Edited: 26/08/2007 10:16am

Hi,
when the Member is remembered in the browser, the cookie is set in Member::autoLogin(). This cookie is the encoded email and password.

Cookies are unsafe in general, but a slightly better option is to put some random hash into the cookie, because users tend to use the same password for more accounts. The cookie can be a pair email:hash, and then the hash need not necessarily be unique.

Markus

Google Summer of Code Hacker, 152 Posts

27 August 2007 at 2:00am

That's true.. I fixed this already in the GSoC branch a while ago.. I think this branch will go into the 2.1 version.
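
The email:hash scheme suggested in the first post, sketched as an added example (not SilverStripe's code and not the fix from the GSoC branch). The `RememberTokenStore` class and its in-memory array are hypothetical stand-ins for a column on the member table, and the sample address is constructed.

```php
<?php
// Added example: the array below stands in for a member table column (assumption).
final class RememberTokenStore
{
    /** @var array<string,string> email => SHA-256 of the current token */
    private array $hashes = [];

    // Called when the user asks to be remembered; returns the cookie value.
    public function issue(string $email): string
    {
        $token = bin2hex(random_bytes(32));             // 256 bits from the CSPRNG
        $this->hashes[$email] = hash('sha256', $token); // server keeps only a hash
        return $email . ':' . $token;                   // email:hash pair, no password
    }

    // Validates a cookie value; returns a rotated value, or null on failure.
    public function redeem(string $cookie): ?string
    {
        $pos = strrpos($cookie, ':');   // token is hex, so split on the last ':'
        if ($pos === false) {
            return null;
        }
        $email = substr($cookie, 0, $pos);
        $token = substr($cookie, $pos + 1);
        $known = $this->hashes[$email] ?? null;
        // Constant-time comparison of the stored hash with the presented token's hash.
        if ($known === null || !hash_equals($known, hash('sha256', $token))) {
            return null;
        }
        return $this->issue($email);    // single use: every successful login rotates
    }
}

// Constructed sample run.
$store  = new RememberTokenStore();
$first  = $store->issue('alice@example.com');
$second = $store->redeem($first);   // auto-login with the cookie just issued
var_dump($second !== null);
var_dump($store->redeem($first));   // replay of the old value after rotation
var_dump($store->redeem($second) !== null);
```

Because the token is random and only its hash is stored, neither a stolen cookie nor a leaked table row reveals the password the user may have reused elsewhere.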