forum security

**zartan** · 03-19-2008, 03:57 PM

anyone notice how when u close browser/end session it doesn't log you out. AKA you come back to site after a night away and yer logged in automatically? Isn't this kind of nonstandard activity for a user website. I'm not sure of the exact security implications of this forum but wouldnt it be easy for a hacker to hijack the session and take over an admins permissions or read PM's etc?

**Big** · 03-19-2008, 05:29 PM

If you're concerned you could just click "log out" at the end of your session.

**zartan** · 03-20-2008, 10:38 AM

gotcha, yeah i wasnt so concerned for myself, just in general the use of unlimited session-cookies... this is more a theoretical thing, for example if someone use cross site scripting and directed a cookie to their site, they could hijack the account but looking at it a little more it seems like script is disabled pretty well.