
  • Stephen Maij 11 posts 36 karma points
    Dec 17, 2010 @ 11:03
    Stephen Maij
    0

    Is it safe to show the session id?

    I have tested Umbraco, and when using cookie-based login, everyone who can access your cookies can steal your login. If the session id is the same as this cookie value, then it might not be safe to show this in the Admin Sessions Manager.

  • Josh Townson 67 posts 162 karma points
    Dec 17, 2010 @ 11:20
    Josh Townson
    0

    Hi Stephen - the goal of this package is to make it easier for site administrators - I certainly wouldn't expose this control to anyone who doesn't have full control of the website. I actually use it on a dashboard in my custom super user section of Umbraco - where I keep things like DB management reports and some business-specific functions that I need to keep away from other users.

    If there was anything I thought could be gained from stealing a user's login, then perhaps I would update the control to allow that - but I don't think there is - as the session doesn't really hold anything special (at least to someone who has complete site access, and can open the DB).
