[wp-trac] Re: [WordPress Trac] #9577: use user_id rather than
user_login in the authentication cookie
WordPress Trac
wp-trac at lists.automattic.com
Sat Apr 18 11:00:46 GMT 2009
#9577: use user_id rather than user_login in the authentication cookie
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: 2.8
Component: Security | Version: 2.8
Severity: normal | Keywords: has-patch tested
-------------------------------+--------------------------------------------
Changes (by Denis-de-Bernardy):
* keywords: => has-patch tested
Comment:
this one might be worth a discussion in wp-hackers. it is meant to prevent
the username to be passed in the cookie.
it *might* break a plugin or two that relies on the
auth_cookie_bad_username hook. we could alternatively keep that hook's
name unchanged, but the semantics would wrong. or we could fire both
auth_cookie_bad_username *and* auth_cookie_bad_user_id, passing the
user_id each time -- to ensure 100% backwards compat.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9577#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list