Support » Fixing WordPress » spoofing login

  • Hello,

    I have noticed the login name is stored in the cookie once you are logged in. Is there a way to get the current logged in user, without being worried about someone spoofing a login (without knowing the password) by changing the cookie?

    (I have been using get_currentuserinfo() to get the logged in user’s information. Everything is from the database except the login. A friend of mine bypassed the security on my site (as a test) by spoofing the login via the cookies)

    If anyone can tell me how I can prevent such a security breach, I would really appreciate it 🙂

    (So my question is — Is there another function that I should call to get the current user login name, without worrying about getting spoofed via the cookie)

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘spoofing login’ is closed to new replies.