So if I know the value for a particular user, and I issue a "hand made" request to jforum with this value, then jforum will think that I have been authenticated without ever giving a login and password!!!
Rafael Steil wrote:
No, it won't. There is a security hash for each user. You can try to change the cookie's value, but it will not work.
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koophttps://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton