Is it safe to show the session id?
I have tested Umbraco and when using cookie-based login everyone who can access your cookies can steal your login. If the session id is the same as this cookie value then it might not be safe to show this in the Admin Sessions Manager.
Hi Stephen - the goal of this package is to make it easier for site administrators - I certainly wouldn't expose this control to anyone who doesn't have full control of the website. I actually use it on a dashboard in my custom super user section of Umbraco - where I keep things like DB management reports and some business specific functions that I need to keep away from other users.
If there was anything I thought could be gained from stealing a user's login, then perhaps I would update the control to allow that - but I don't think there is - as the session doesn't really hold anything special (at least to someone who has complete site access, and can open the DB).