[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re:
OK, I think this is the problem you are having, maybe not. :)
Problem:
When a user signs in(and check on the Save Cookie box), then sign out on
that computer. Anyone can sign in using any username(or no username) and get
access to all the user info from the prev user on the SAME computer.
Solution:
This problem goes away if the cookie: MV_PASSWORD is missing. So I fixed
it by having sign out remove MV_PASSWORD from the cookies, if the user has
choosen to save the cookies in his/her computer.
Ying,
----- Original Message -----
From: Eran Binyamin Zeitoun <eran_zeitoun@karmail.com>
To: <minivend-users@minivend.com>
Sent: Tuesday, November 16, 1999 11:24 PM
> ****** message to minivend-users from "Eran Binyamin Zeitoun"
<eran_zeitoun@karmail.com> ******
>
> Hi List!,
>
> Is there a better way to check if user is logged in to system beside of
> [if session logged_in]?
>
> or mybe a double check..., after the [if se....] mybe another check to see
> if user exist on
> database or etc?
>
> i am finding that sometimes even if use didnot finished logging in
(example
> entering fake names)
> he have access to do things that are restricted by the [if ses...]
> thing...., it does not happens every time
> but once in a while....
>
>
> any ideas?
>
> Thanks,
> Eran Binyamin Zeitoun.
>
>
> -
> To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> email with 'UNSUBSCRIBE minivend-users' in the body to
Majordomo@minivend.com.
> Archive of past messages: http://www.minivend.com/minivend/minivend-list
- References:
- No Subject
- From: "Eran Binyamin Zeitoun" <eran_zeitoun@karmail.com>
