So if I know the value for a particular user, and I issue a "hand made" request to jforum with this value, then jforum will think that I have been authenticated without ever giving a login and password!!!
Rafael Steil wrote:
No, it won't. There is a security hash for each user. You can try to change the cookie's value, but it will not work.