Details
-
Improvement
-
Resolution: Fixed
-
Medium
-
None
-
None
-
true
Description
The current remember me cookie is not a secure as it could be. We would like to replace this with a better, token based mechanism.
This is described really well here by Charles
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/
It wont quite be exactly as outlined here but it is close.