Feeling Lucky
?
[#2128] - Remember me advanced options
- Closed
- 2 Mar 2014
- Medium
- Build: master
- # 2128
- Diff
- elinw:rememberadvanced
- Error This pull request is targeted at the master branch. Pull requests should no longer be merged to master.
User tests: Successful: Unsuccessful:
beat
- comment
- 19 Oct 2013
As commented on tracker:
For security reasons, remember-me must always be:
- http-only (never accessible by javascript)
- https-only if the login happened on https.
I do sincerely not see any reasons to have those user-settable.
beat
- comment
- 19 Oct 2013
I see that currently they are not set as they should be.
Which is a vulnerability in 3.2.0 beta 1 only.
Bakual
- comment
- 2 Mar 2014
Due to the changes made to remember-me, this one would probably have to be rebuilt from scratch.
Please can you create a corresponding item on joomlacode - thanks