[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] Re: [Bug #1260] New "" site breaks sessions

From: Mathieu Roy
Subject: [Savannah-hackers] Re: [Bug #1260] New "" site breaks sessions and prefs
Date: 25 Sep 2002 11:25:10 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Yann Dirson <address@hidden> said:

> On Wed, Sep 25, 2002 at 09:36:43AM +0100, Jaime E. Villate wrote:
> > I think our best option at this moment is to move theme prefs from the 
> > cookies
> > into the database (as it was originally in SourceForge). I know that Mathieu
> > had some good reasons to switch theme prefs from the database to a cookie, 
> > but
> > at this moment I think it is a high priority to make life easier for 
> > Savannah users.
> Or, maybe better, have the info both in the DB for
> registered/logged-in users, to provide cross-site propagation, and in
> cookies for logged-out operation ?

Can you give me example of website storing "logged-in infos" without
using cookies ?

By storing IP informations in the database? If a dynamic IP user
forget to log out, someone can steal his account with ease. If a
someone use savannah from a network connected to internet by IP
masquerading (as me, for instance), everyone on his local network can
stole his account. 
I do not get how you can secure a login/logout system without using
cookies. Using IP is definitely unsafe. Neither other informations web
browser tells to the server are, since they can be modified and

Mathieu Roy
 << Profile  << <<
 >> Homepage >>           >>
 << GPG Key  <<              <<

reply via email to

[Prev in Thread] Current Thread [Next in Thread]