I have noticed the login name is stored in the cookie once you are logged in. Is there a way to get the current logged in user, without being worried about someone spoofing a login (without knowing the password) by changing the cookie?
(I have been using get_currentuserinfo() to get the logged in user’s information. Everything is from the database except the login. A friend of mine bypassed the security on my site (as a test) by spoofing the login via the cookies)
If anyone can tell me how I can prevent such a security breach, I would really appreciate it 🙂
(So my question is — Is there another function that I should call to get the current user login name, without worrying about getting spoofed via the cookie)
- The topic ‘spoofing login’ is closed to new replies.