[Phpmyadmin-devel] speed improvement in auth_type cookie!
Marc Delisle
DelislMa at CollegeSherbrooke.qc.ca
Wed Nov 24 06:07:00 CET 2004
Garvin Hicking a écrit:
> Hi Marc!
>
> About the LoginCookieValidity - a question: Since I don'T use cookie auth, is it
> possible for users to set LoginCookieValidity off (say to 0) and then the
> en/decoding of the cookie is not always performed?
Hi Garvin,
this would mean that a stolen cookie can be used to authenticate.
Marc
>
> If that's not yet the case, I'd suggest to do so, because I suppose some users
> may want to use cookies, don't have mcrypt but wouldn't need the CookieValidity
> Setting - so for them, the cookie shouldn't be en/decoded everytime.
>
> Regards,
> Garvin.
>
> (P.S., Marc: Your mail about the session stuff needs some more thinking from me,
> but I didn't ignore it :-)
>
P.S. No problem...
More information about the Developers
mailing list