#119 security improvement for auto-login function

v3.00
open
nobody
5
2012-09-17
2009-04-26
Adam Sayler
No

keeping the password in a plain text cookie GO_PW for the auto login feature is not very secure. Suggesting to move the data to a session table in the database and then storing the session ID in a cookie on the users computer as way to improve security on the system. This session table could also be used for other information such as language and login information stored in separate cookies on the clients browser.

Discussion