Быстрый лёгкий надёжный форумный движок
Вы не вошли.
Страницы 1
Hello,
I figured if someone copied the cookie value and manually entered it in another browser or location, they could access the account without logging in, as long as the cookie hasn't expired and the hashes match. Cookies must be properly protected to prevent unauthorized access. is this normal?
Редактировался Expecty (2023-09-08 01:35:33)
Offline
This is normal.
Https was invented for this, so that no one outside the server and the user's computer could see cookies and everything else.
And the user is responsible for the security (viruses, trojans) of his computer.
Set your forum to https only.
And set up config.php configuration files:
$cookie_secure = 0;
-->
$cookie_secure = 1;
Моя сборка FluxBB 1.5, ForkBB · сообщество
Offline
Страницы 1