Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-10329

When removing authentication cookies, the actual password shouldn't be sent again as the cookie value

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Trivial
    • 6.1-milestone-1
    • 6.0-rc-1
    • Old Core
    • None
    • Trivial
    • N/A
    • N/A

    Description

      Since all we're interested in is sending an expiration date in the past, the actual value is meaningless. For better security, better not send the password again as the cookie value.

      Attachments

        Activity

          People

            sdumitriu Sergiu Dumitriu
            sdumitriu Sergiu Dumitriu
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: