since the browser is allowed to store both the log in and password, I don't see the problem unless someone is using a public computer.

Wai sent the following on 7/31/2010 9:50 AM:

Hello All,

I notice that ofbiz stores the username inside a browser cookie.  I would
like to get some comments as to whether this is a potential security risk?
eg...

JSESSIONID=E4CADD25A32162D92C31DC938C108DFE.jvm1; OFBiz.Visitor=10025;
mystuff.autoUserLoginId=admin

Thanks

Reply via email to