Logout Issues

Log in to stop seeing adverts
This page may contain links to companies such as eBay and Amazon. As an affiliate of these sites I may earn commission if you click the link and make a purchase

Status
Not open for further replies.
Jeff - I keep being randomly logged out over the last few days...

It's happened to me twice. I had been worrying how I managed it.
 
I just noticed whilst looking at my cookies for this site Jeff, to see if that is the issue, that BBulletin stores user id and password. Even though the password is MD5 encrypted (it looks like) surely this could be a potential security threat? I know you didn't write it btw.
 
I just noticed whilst looking at my cookies for this site Jeff, to see if that is the issue, that BBulletin stores user id and password. Even though the password is MD5 encrypted (it looks like) surely this could be a potential security threat?

The cookie is only put on your PC if you tick the 'remember me' box when you log in, and the cookie is deleted when you log out.

The forum FAQ advises people not to use this if the computer is in a shared environment, but if the computer is secure there's no risk.

If you' think people can access your computer there are probably more important things to worry about than people being able to log in to TB as you!
 
The cookie is only put on your PC if you tick the 'remember me' box when you log in, and the cookie is deleted when you log out.

The forum FAQ advises people not to use this if the computer is in a shared environment, but if the computer is secure there's no risk.

If you' think people can access your computer there are probably more important things to worry about than people being able to log in to TB as you!

They can't, it's not so much a problem as just a thing I noticed. Our coding practise is to use a token with the id instead of the password, that way if somehow people grab it, it isn't as much of an issue. Just different practises I guess.
 
They can't, it's not so much a problem as just a thing I noticed. Our coding practise is to use a token with the id instead of the password, that way if somehow people grab it, it isn't as much of an issue. Just different practises I guess.

The password is MD5 encrypted, then a salt (which is only stored in the database) is added, then it's MD5 encrypted again. So it's not something that can be cracked.
This is probably more secure, as it means if the password is changed the cookie will no longer allow access. Just storing the user ID would allow someone with the cookie to access the site even if the password had been changed.
 
The password is MD5 encrypted, then a salt (which is only stored in the database) is added, then it's MD5 encrypted again. So it's not something that can be cracked.
This is probably more secure, as it means if the password is changed the cookie will no longer allow access. Just storing the user ID would allow someone with the cookie to access the site even if the password had been changed.

true, it does mean that the password can never be recovered though, which is something our clients ask for. swings and roundabouts, I remove my original argument
 
how can i access tb on ie, ive not been able to do so since the site was updated
 
Status
Not open for further replies.
Log in to stop seeing adverts

P Pld Pts
1Liverpool1639
2Chelsea1735
3Arsenal1733
4Nottm F1731
5Bournemouth1728
6Aston Villa1728
7Manchester C  1727
8Newcastle1726
9Fulham1725
10Brighton1725
11Tottenham 1723
12Brentford1723
13Manchester U1722
14West Ham1720
15Everton1616
16Palace1716
17Leicester1714
18Wolves1712
19Ipswich1712
20Southampton176

Latest posts

Back
Top