Make "Remember me" function secure

stellar-deprecated / interstellar-sessions

DEPRECATED. interstellar-sessions provides helpful methods to create and manage sessions for your application users.

Apache License 2.0

2 stars 5 forks source link

Make "Remember me" function secure #1

Open bartekn opened 9 years ago

bartekn commented 9 years ago

Right now, permanent sessions are saved plain-text to a cookie when user is using "Remember me" function. We must make this secure before public release. One of the ideas is to encrypt user secret by a password and ask for this password before making payments.

bartekn commented 9 years ago

For now: don't allow permanent sessions in http protocol.