So if I know the value for a particular user, and I issue a "hand made" request to jforum with this value, then jforum will think that I have been authenticated without ever giving a login and password!!!
Rafael Steil wrote:
No, it won't. There is a security hash for each user. You can try to change the cookie's value, but it will not work.
If I had asked people what they wanted, they would have said faster horses - Ford. Tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koophttps://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton