Hacker News new | past | comments | ask | show | jobs | submit login

Instead of providing a temporary password, can't that service just give a user the session information that is sent to the server via cookies?



Well that is clever.

Well lets see if it works ... I created this user overlookedscrum with a weak enough password, but you don't know it so you can't reset it.

This is the cookie ~

key: user

value: overlookedscrum&DtTI0rbgf7YKKL0Xgy65I4cJFAi962sH

I tried it with two different browsers. It seems I can login freely, but can you ?

I'll say ping below.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: