[Phpmyadmin-devel] speed improvement in auth_type cookie!

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Wed Nov 24 06:07:00 CET 2004

Garvin Hicking a écrit:

> Hi Marc!
> About the LoginCookieValidity - a question: Since I don'T use cookie auth, is it
> possible for users to set LoginCookieValidity off (say to 0) and then the
> en/decoding of the cookie is not always performed?

Hi Garvin,
this would mean that a stolen cookie can be used to authenticate.

> If that's not yet the case, I'd suggest to do so, because I suppose some users
> may want to use cookies, don't have mcrypt but wouldn't need the CookieValidity
> Setting - so for them, the cookie shouldn't be en/decoded everytime.
> Regards,
> Garvin.
> (P.S., Marc: Your mail about the session stuff needs some more thinking from me,
> but I didn't ignore it :-)

P.S. No problem...

More information about the Developers mailing list