
[Savannah-hackers] Re: [Bug #1260] New "nongnu.org" site breaks sessions


From: Mathieu Roy
Subject: [Savannah-hackers] Re: [Bug #1260] New "nongnu.org" site breaks sessions and prefs
Date: 25 Sep 2002 11:25:10 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Yann Dirson <address@hidden> said:

> On Wed, Sep 25, 2002 at 09:36:43AM +0100, Jaime E. Villate wrote:
> > I think our best option at this moment is to move theme prefs from the cookies
> > into the database (as it was originally in SourceForge). I know that Mathieu
> > had some good reasons to switch theme prefs from the database to a cookie, but
> > at this moment I think it is a high priority to make life easier for
> > Savannah users.
> 
> Or, maybe better, have the info both in the DB for
> registered/logged-in users, to provide cross-site propagation, and in
> cookies for logged-out operation ?

Can you give me an example of a website storing "logged-in infos" without
using cookies?

By storing IP information in the database? If a dynamic IP user
forgets to log out, someone can steal his account with ease. If
someone uses Savannah from a network connected to the Internet by IP
masquerading (like me, for instance), everyone on his local network can
steal his account.
I do not get how you can secure a login/logout system without using
cookies. Using IP is definitely unsafe. Neither is the other information the
web browser tells the server, since it can be modified and
guessed.



-- 
Mathieu Roy
 
 << Profile  << http://savannah.gnu.org/users/yeupou <<
 >> Homepage >> http://yeupou.coleumes.org           >>
 << GPG Key  << http://gpg.coleumes.org              <<
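
The IP-masquerading argument in the message above, modelled as an added example that is not part of the original e-mail or of Savannah's code: a login store keyed by source IP next to one keyed by a random cookie token. The class names, the `compare` helper and the address `203.0.113.7` are constructed for illustration.

```python
import secrets

NAT_IP = "203.0.113.7"  # constructed: one public address shared by a whole LAN


class IpSessionStore:
    """Logged-in state keyed only by source IP (the design argued against)."""

    def __init__(self):
        self._by_ip = {}

    def login(self, user, src_ip):
        self._by_ip[src_ip] = user

    def whoami(self, src_ip):
        return self._by_ip.get(src_ip)


class CookieSessionStore:
    """Logged-in state keyed by an unguessable token held in a cookie."""

    def __init__(self):
        self._by_token = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_token[token] = user
        return token  # value the server would set as the session cookie

    def whoami(self, token):
        return self._by_token.get(token)

    def logout(self, token):
        self._by_token.pop(token, None)


def compare():
    """Return who the server believes each request comes from."""
    ip_store, cookie_store = IpSessionStore(), CookieSessionStore()
    ip_store.login("alice", NAT_IP)
    alice_cookie = cookie_store.login("alice")
    seen = {
        # A different machine behind the same gateway, sending no credentials:
        "ip_neighbour": ip_store.whoami(NAT_IP),
        "cookie_neighbour": cookie_store.whoami(None),
        "cookie_alice": cookie_store.whoami(alice_cookie),
    }
    cookie_store.logout(alice_cookie)
    seen["cookie_after_logout"] = cookie_store.whoami(alice_cookie)
    return seen
```

The dynamic-IP case in the message is the same lookup: whoever is next assigned the address is answered as the user who forgot to log out.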



