FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Session Id in URL and Cookies
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Session Id in URL and Cookies [message #15810 is a reply to message #15806] Mon, 05 January 2004 16:26 Go to previous messageGo to previous message
Gribnif is currently offline  Gribnif   United States
Messages: 82
Registered: December 2003
Karma:
Member
Yes, but that still doesn't solve the problem. If I use the forum and walk away without logging-out, the next person to use the machine will be automatically logged-in as me, as long as they do so before the expiration time.

The problem here isn't so much one of security; it's always the individual's fault for not logging-out correctly. The problem is the automatic login that happens when a careless user leaves things this way. I can foresee cases where the second user starts posting things to the forum without even realizing they are logged-in as someone else.

By the way, you might want to note in the admin CP screen that the cookie timeout setting is meaningless if session cookies are being used.
[Message index]
 
Read Message icon5.gif
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Actions List.
Next Topic: editing FAQs via the web interface
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon Nov 25 20:12:06 GMT 2024

Total time taken to generate the page: 0.04350 seconds