Gmail, Netflix, Flickr . . . they all leave you logged in for days. I would expect the same for orderofthehammer. As it is now I have to log in several times a day.
Posted by Hammerite 2011-02-11 20:15:22 GMT
Posted by Redessa 2011-03-16 22:09:55 GMT
I'd like to see this too please. It should be simple to implement - a global handler for every page that will authenticate using a cookie if not logged in and a cookie is supplied. Set the cookie from the login page with a "remember me on this computer" checkbox.
So long as you don't store the user ID and login in the cookie, it'll be perfectly safe. A SHA1 hash generated from the username and password would be perfectly secure and nigh on uncrackable. Cookies can always be stolen (just as a password can). Generating a cookie from a hashed password means any stolen cookies would then be invalidated on a password change. You can protect against stolen cookies by including the browser's IP address in the hash, so the cookie is valid for that user on that machine only.
It's fairly academic about security anyway, as the current login form transmits the username and password over open HTTP, so they could be readily intercepted. If you're that worried about security make the login use HTTPS to encrypt the password.
Anyway, the only data that could be compromised is my email address. The rest seems to be publicly available on the site.
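The "remember me" flow from the post above, as an added example that is not part of the original thread or the site's code. It swaps the hash of username and password for a random token whose SHA-256 digest is stored server-side, keeping the post's two properties: tokens are revoked on password change and are valid only from the issuing IP. The in-memory store, function names, sample addresses and 14-day lifetime are assumptions.

```python
import hashlib
import secrets
import time

# Constructed in-memory store standing in for a database table (assumption).
# Maps sha256(token) -> record; the raw token itself is never stored.
_tokens = {}

LIFETIME = 14 * 24 * 3600  # assumed 14-day lifetime, in seconds


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(username, client_ip, now=None):
    """Login page: called when the "remember me" box is ticked."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 random bits, unrelated to the password
    _tokens[_digest(token)] = {
        "user": username,
        "ip": client_ip,
        "expires": now + LIFETIME,
    }
    return token  # sent to the browser as the cookie value


def authenticate(token, client_ip, now=None):
    """Global page handler: return the username for a valid cookie, else None."""
    now = time.time() if now is None else now
    key = _digest(token or "")
    record = _tokens.get(key)
    if record is None:
        return None                # unknown or forged token
    if now >= record["expires"]:
        del _tokens[key]           # expired: drop it so it cannot be replayed
        return None
    if record["ip"] != client_ip:
        return None                # presented from a different address
    return record["user"]


def revoke_user(username):
    """Password change: invalidate every outstanding token for the user."""
    for key in [k for k, r in _tokens.items() if r["user"] == username]:
        del _tokens[key]
```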
Posted by astrostl 2013-07-03 15:32:37 GMT
Major +1 here. Only true grievance with the site, which I generally love. I would check "keep me logged in" even if it had a "this is a massive security risk for your account" warning - even though I don't think standard cookie usage would rate to be one. It is just a game :) Thanks for considering the feature.