#490 Don't store username / password in session cookie

open
nobody
None
5
2014-03-28
2014-03-28
naptastic
No

Please find attached a patch to the login_auth plugin that gets username and password from the environment, rather than storing them in a session cookie. This can prevent some information disclosure exploits.

1 Attachments

Discussion