Opened 7 years ago
Closed 7 years ago
#1483811 closed Tasks (fixed)
Get rid of the _auth hash in URLs
| Reported by: | thomasb | Owned by: | thomasb |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.1-beta2 |
| Component: | PHP backend | Version: | 0.1-beta |
| Severity: | normal | Keywords: | |
| Cc: |
Description
The auth hash which is checked against the string saved in session cookie should be removed. This would make it easier to implement an external login where this hash always has to be included. To enhance security, a second cookie which changes it's value every few minutes should be used.
Change History (1)
comment:1 Changed 7 years ago by thomasb
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Updated in Trunk.
This should now make it easier to perform a login from a foreign page by posting username and password. Also HTTP authentication is actually possible.