Plain text username and password in cookie

Issue #101 on hold
Former user created an issue

The 'remember me' feature stores credentials as plain text in a cookie on the user's computer that can be stolen and used for unauthorized access. It would be much better to use persistent authentication tokens as described in:

https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
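
A minimal sketch of the token approach the issue asks for, added here as an example and not taken from the project or the linked article: the cookie carries a random selector and validator instead of credentials, and the server keeps only a hash of the validator. The in-memory `TOKENS` table, the 30-day lifetime and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical in-memory stand-in for a server-side token table:
# selector -> (sha256 of validator, user id, expiry timestamp)
TOKENS = {}
LIFETIME = 30 * 24 * 3600  # assumed 30-day "remember me" window


def issue_token(user_id, now=None):
    """Return the cookie value; only a hash of the secret half is stored."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(9)     # lookup key, not secret
    validator = secrets.token_urlsafe(32)   # secret, never stored in clear
    digest = hashlib.sha256(validator.encode()).hexdigest()
    TOKENS[selector] = (digest, user_id, now + LIFETIME)
    return f"{selector}:{validator}"


def redeem_token(cookie, now=None):
    """Return (user_id, replacement cookie) or (None, None) if invalid."""
    now = time.time() if now is None else now
    selector, sep, validator = cookie.partition(":")
    record = TOKENS.get(selector)
    if not sep or record is None:
        return None, None
    digest, user_id, expires = record
    presented = hashlib.sha256(validator.encode()).hexdigest()
    # Single use: the record is dropped whether or not the check passes,
    # so a cookie cannot be replayed and a failed attempt ends the token.
    del TOKENS[selector]
    if now > expires or not hmac.compare_digest(presented, digest):
        return None, None
    return user_id, issue_token(user_id, now)


def revoke_user(user_id):
    """Drop every remembered session, e.g. on password change or logout."""
    for sel in [s for s, rec in TOKENS.items() if rec[1] == user_id]:
        del TOKENS[sel]
```

A stolen cookie in this scheme exposes one revocable, expiring token rather than the account password, and a copy of the server-side table does not yield usable cookie values.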
