
cookiehash should include password

Open numist opened this issue 14 years ago • 1 comments

if a user changes their password it should invalidate all issued login cookies.

this should be staged—for a few months if a user comes around with an old style cookie it should be accepted and silently updated to the new format. then we pull the plug on the old style.

numist, Oct 12 '11 17:10

this depends on Issue #11, as the password hashes use sha1 and the less we leak hashes that are relatively easy to compute the better.

numist, Feb 03 '12 21:02
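One way to implement the staged change discussed in this issue, as an added example that is not the project's own code: the cookie carries an HMAC over the user id and the stored password hash, so a password change invalidates it, and the hash itself is never sent to the client. The cookie layout (`v1`/`v2` prefixes), `SERVER_SECRET`, `LEGACY_CUTOFF`, the function names and the shape of the old-style cookie are all assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to clients
LEGACY_CUTOFF = 1_330_000_000               # assumption: epoch time when old cookies stop working

def _mac(*parts: str) -> bytes:
    # Keyed MAC; user ids are assumed to contain neither ':' nor '|'.
    msg = "|".join(parts).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest().encode()

def issue_cookie(user_id: str, password_hash: str) -> str:
    """New format: the MAC covers the stored password hash, so changing the
    password changes the expected value for every cookie issued before."""
    return f"v2:{user_id}:{_mac('v2', user_id, password_hash).decode()}"

def issue_legacy_cookie(user_id: str) -> str:
    """Stand-in for the old format (hypothetical): not bound to the password."""
    return f"v1:{user_id}:{_mac('v1', user_id).decode()}"

def check_cookie(cookie: str, users: dict, now: int):
    """Return (user_id, replacement_cookie), or (None, None) if rejected.
    replacement_cookie is set only when an old-style cookie is upgraded."""
    try:
        version, user_id, mac = cookie.split(":")
    except ValueError:
        return None, None
    password_hash = users.get(user_id)  # users: user_id -> stored password hash
    if password_hash is None:
        return None, None
    presented = mac.encode()
    if version == "v2":
        ok = hmac.compare_digest(presented, _mac("v2", user_id, password_hash))
        return (user_id, None) if ok else (None, None)
    if version == "v1" and now < LEGACY_CUTOFF:
        # Staging window: accept the old style and silently reissue as v2.
        if hmac.compare_digest(presented, _mac("v1", user_id)):
            return user_id, issue_cookie(user_id, password_hash)
    return None, None
```

Until `LEGACY_CUTOFF` passes, an old-style cookie that has not yet been upgraded still survives a password change, so the invalidation guarantee only holds fully once the old format is retired.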