[wp-trac] [WordPress Trac] #43576: Do not expose user_login through cookies
WordPress Trac
noreply at wordpress.org
Mon Mar 19 14:33:11 UTC 2018
#43576: Do not expose user_login through cookies
------------------------------------+------------------------------
Reporter: marcus.downing | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------------+------------------------------
Comment (by marcus.downing):
Note that the documentation (https://codex.wordpress.org/WordPress_Cookies
#Non-Version-Specific_Data) says:
The actual cookies contain hashed data, so you don't have to worry about
someone gleaning your username and password by reading the cookie data.
This is currently incorrect, as the username '''is''' in the cookie. If
this issue is rejected, then the documentation should be changed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43576#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list