Banned
anyone notice how when u close browser/end session it doesn't log you out. AKA you come back to site after a night away and yer logged in automatically? Isn't this kind of nonstandard activity for a user website. I'm not sure of the exact security implications of this forum but wouldnt it be easy for a hacker to hijack the session and take over an admins permissions or read PM's etc?
Retired~ AR-Hall of Famer ~ "Enforcer"
If you're concerned you could just click "log out" at the end of your session.
Banned
gotcha, yeah i wasnt so concerned for myself, just in general the use of unlimited session-cookies... this is more a theoretical thing, for example if someone use cross site scripting and directed a cookie to their site, they could hijack the account but looking at it a little more it seems like script is disabled pretty well.
Last edited by zartan; 03-20-2008 at 12:09 PM.
Banned
would be cool if we could https though, then it would be a little more secure
Last edited by zartan; 03-20-2008 at 12:28 PM.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote