Question about authentication

Expecty · 2023-09-07 22:34:02

Hello,

I figured if someone copied the cookie value and manually entered it in another browser or location, they could access the account without logging in, as long as the cookie hasn't expired and the hashes match. Cookies must be properly protected to prevent unauthorized access. is this normal?

Редактировался Expecty (2023-09-08 01:35:33)

Visman · 2023-09-08 04:20:12

This is normal.
Https was invented for this, so that no one outside the server and the user's computer could see cookies and everything else.
And the user is responsible for the security (viruses, trojans) of his computer.

Set your forum to https only.
And set up config.php configuration files:

$cookie_secure = 0;

-->

$cookie_secure = 1;

Русское сообщество fluxbb

Объявление

#1 2023-09-07 22:34:02

Question about authentication

#2 2023-09-08 04:20:12

Re: Question about authentication

Подвал доски