Amir Ghezelbash
Hi everyone,
I have a major MAJOR MAJOR problem.
OK, I have been using cookies for my site for a while, and now I have been
trying to use session less cookies because I find them much faster.
Anyway, now the problem:
With session less cookies, since the ID is embedded within the URL, every time
someone signs into their account and then logs out, if they send their link
to someone else, that other person can log into their account without
needing to know their user name and pass. OK, let me show you what I mean
by example.
Here is my site; go to my site:
http://www.riseofkingdoms.org/rok
Now if you log in using: UserName:d1 and password:dzl786
You will be taken to your page. Now if you go in the menu and go to Palac and
sign out, but before doing that copy the link in your browser, now
sign out, close your browser and paste your link, and you will be taken back
to your profile without needing to sign in.
Even if you send your link to someone else, they will be able to sign in
without needing to log in. Here is the link from when I signed in; you can just
go to that account using this link, you don't need to sign in:
http://www.riseofkingdoms.org/rok/(c4ehh345kyxu122m0xz2ij45)/ROKGame/Rise_Of_Kingdoms/Home.aspx
This cannot be good.
I am sure there is a way around this, I mean I hope. Why is it doing
this?
I expire sessions when sign-out has been clicked: Session.Remove("UserName");
Any suggestions?
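
Added example, not part of the original post and not ASP.NET's own code: a small Python model of a server-side session store keyed by the ID carried in the URL, comparing a sign-out that removes one value with a sign-out that destroys the whole session. The `PlayerId` key, the `profile_page` check and the user values are assumptions made for illustration.

```python
import secrets

class SessionStore:
    """Toy server-side store keyed by the ID that a cookieless URL carries."""
    def __init__(self):
        self._sessions = {}

    def _new(self):
        sid = secrets.token_hex(12)
        self._sessions[sid] = {}
        return sid

    def resolve(self, sid):
        """Return (sid, data); an unknown ID gets a fresh one, never the client's."""
        if sid not in self._sessions:
            sid = self._new()
        return sid, self._sessions[sid]

    def login(self, sid, user, player_id):
        # Issue a new ID at login so a URL handed out before login is useless.
        self._sessions.pop(sid, None)
        sid = self._new()
        self._sessions[sid].update(UserName=user, PlayerId=player_id)
        return sid

    def logout_remove_key(self, sid):
        # Removes one value only: the session and its other values stay alive.
        self._sessions.get(sid, {}).pop("UserName", None)

    def logout_abandon(self, sid):
        # Destroys the whole server-side session; the ID in old URLs is dead.
        self._sessions.pop(sid, None)

def profile_page(store, sid):
    """Hypothetical page that trusts PlayerId found in the session (assumption)."""
    sid, data = store.resolve(sid)
    return "200 profile %s" % data["PlayerId"] if "PlayerId" in data else "302 login"

def replay_after(logout_name):
    """Log in, copy the URL's session ID, sign out, then replay the copied ID."""
    store = SessionStore()
    sid, _ = store.resolve(None)
    sid = store.login(sid, "constructed-user", 42)   # constructed sample values
    copied_url_id = sid                              # ID copied from the address bar
    getattr(store, logout_name)(sid)
    return profile_page(store, copied_url_id)
```

In ASP.NET terms the second sign-out corresponds to calling `Session.Abandon()` rather than removing a single key.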