[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

[ic] Session timeout in AI

Subject: [ic] Session timeout in AI
From: interchange-users@icdevgroup.org (Jeff Dafoe)
Date: Fri Nov 22 19:25:01 2002
References: <NGBBIJJGCLFDOPNCJOGHGEFECHAA.listbox@email.com>

> I've brought this up before and gotten no response, but it seems like
> something that needs attention for security's sake.  When you log in to
the
> UI, the MV_USERNAME and MV_PASSWORD cookies are set containing the
> appropriate two values and they are explicitly NOT secure.  Isn't that a
bit
> of a security issue?  I don't understand why those cookies are even set as
> there is no autologin feature for the UI.

    Are you sure those values are set in the cookie?  I haven't looked, but
since IC is a session-based system, I would assume that the cookie would
point to the session as opposed to actually containing the username and
password information.


Jeff

Follow-Ups:
- [ic] Session timeout in AI
  - From: interchange-users@icdevgroup.org (Grant)

References:
- [ic] Session timeout in AI
  - From: interchange-users@icdevgroup.org (Grant)

Prev by Date: [ic] [if] [and] [or] not working properly
Next by Date: [ic] Checkout Page not displaying in AOL
Previous by thread: [ic] Session timeout in AI
Next by thread: [ic] Session timeout in AI
Index(es):
- Date
- Thread