Graham Cole
authored
- Begin to stop it being so logout happy for ordinary users who aren't doing anything particularly sensitive on the site by keeping track of when a user was last asked for credentials - Don't continue to use the same session identifier once a user is logged in; it's likely been sent insecurely - Mark session cookies as "SSL only" once logged in - Automatically bump users from HTTP to HTTPS for all requests whilst they're logged in
| Name | Last commit | Last update |
|---|---|---|
| components | ||
| htdocs | ||
| lib | ||
| plugins | ||
| templates | ||
| ChangeLog | ||
| README | ||
| database.sql | ||
| htaccess | ||
| settingstemplate | ||
| setup.sh | ||
| userhtaccess |