Hi there,

On Mon, 20 Aug 2001, David Young wrote:

> Before I tackle this myself, has anyone added functionality to AuthCookie so
> that it will report *why* a user is being asked to login? Currently, if a
> user enters in a wrong username or password, they just get redirected back
> to the login form with no explanation.

It's generally considered a security hole to report things like
"invalid user id" to a user who fails to get a login, because when he
finally gets "invalid password" he knows he's got a valid user id...

73,
Ged.
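
The point made in the reply above, as an added example that is not part of the original message and not AuthCookie's own code: the browser gets one generic failure message for both causes, while the specific cause goes only to the server-side log. The names `check_login` and `same_digest`, the user store and the key are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not AuthCookie code): one generic failure reason for the
# browser, the specific cause only in the server-side log.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed sample user store: username => HMAC of the password.
# A real deployment would use a slow password hash (bcrypt, scrypt, Argon2).
my $KEY   = 'constructed-demo-key';
my %USERS = (alice => hmac_sha256_hex('correct horse', $KEY));
my $DUMMY = hmac_sha256_hex('no-such-user', $KEY);

# Compare two equal-length hex strings without returning at the first mismatch.
sub same_digest {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns (ok, message_for_user, reason_for_log).
sub check_login {
    my ($user, $pass) = @_;
    my $known  = exists $USERS{$user};
    # Hash and compare even for unknown users so both paths do the same work.
    my $stored = $known ? $USERS{$user} : $DUMMY;
    my $match  = same_digest(hmac_sha256_hex($pass, $KEY), $stored);
    return (1, 'Welcome.', 'ok') if $known && $match;
    my $reason = $known ? 'bad password' : 'unknown user';
    return (0, 'Login failed: invalid username or password.', $reason);
}

# Constructed attempts: valid login, wrong password, unknown user.
for my $try (['alice', 'correct horse'], ['alice', 'guess'], ['mallory', 'guess']) {
    my ($ok, $msg, $reason) = check_login(@$try);
    print "to browser: $msg\n";
    warn  "auth log: user=$try->[0] result=$reason\n";   # server side only
}
```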
