Admin password/email changed and he still logged in and carried operations
Here are a few extra pieces of advice:

1- Try to use your admin from another browser so as to avoid a session clash (being a site user and an admin user).
2- If your site has sensitive data, do not allow the browser to auto-complete your username and password fields.
3- You can set a maximum time for a session to be alive. That way, a session automatically expires after, for instance, 30 minutes of inactivity.
4- Make sure you are passing data like passwords from one page to another via PHP sessions... After login, set a token and assign it to the admin. That way, if your session gets hijacked, you will protect your database.

Good luck
Matt
https://myhsts.org/
https://blockchain.dcwebmakers.com/
https://coding-bootcamps.com/
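Points 3 and 4 above, sketched in plain PHP as an added example (not code from the post or from any framework): an idle timeout plus a per-login token whose hash lives on the admin's database row, so that clearing the row ends every session opened earlier. The function names, array keys, the stored-hash column and the choice to clear it on a password change are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const IDLE_LIMIT = 1800; // seconds; the 30-minute example from point 3

// Run after the password check succeeds. $session is $_SESSION in a real app.
// Returns the hash to save on the admin's database row (hypothetical column).
function admin_login(array &$session, int $adminId, int $now): string
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new ID, old session data deleted
    }
    $token = bin2hex(random_bytes(32));
    $session = ['admin_id' => $adminId, 'token' => $token, 'last_active' => $now];
    return hash('sha256', $token);
}

// Run at the top of every admin page. $storedHash is read from the admin row.
function admin_check(array &$session, ?string $storedHash, int $now): bool
{
    $fresh = isset($session['last_active'])
        && ($now - $session['last_active']) <= IDLE_LIMIT;
    $bound = isset($session['token']) && $storedHash !== null
        && hash_equals($storedHash, hash('sha256', $session['token']));
    if (!$fresh || !$bound) {
        $session = []; // caller should also call session_destroy()
        return false;
    }
    $session['last_active'] = $now; // sliding window: activity extends the session
    return true;
}

// Constructed demo: $db stands in for the admin table, timestamps are made up.
$session = [];
$db = ['token_hash' => admin_login($session, 1, 1000)];
var_dump(admin_check($session, $db['token_hash'], 1600)); // request 10 minutes after login
$stale = $session; // copy, so the idle case does not disturb the live session
var_dump(admin_check($stale, $db['token_hash'], 1600 + IDLE_LIMIT + 1)); // idle past the limit
$db['token_hash'] = null; // assumed policy: a password change clears the stored hash
var_dump(admin_check($session, $db['token_hash'], 1700)); // same session after the change
```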
Messages In This Thread
Admin password/email changed and he still logged in and carried operations - by codingdreams - 12-12-2018, 11:59 PM
RE: Admin password/email changed and he still logged in and carried operations - by Pertti - 12-13-2018, 03:07 AM
RE: Admin password/email changed and he still logged in and carried operations - by codingdreams - 12-13-2018, 01:45 PM
RE: Admin password/email changed and he still logged in and carried operations - by MattZand - 10-06-2019, 11:43 AM
RE: Admin password/email changed and he still logged in and carried operations - by InsiteFX - 10-07-2019, 03:07 AM