MyBB Community Forums

Full Version: MyBB cookie settings
We all know that, as per the MyBB default cookies, in order to log in to the ACP, we need to log in to the account first. But if we log out of the account, we can still be logged in to our ACP account, which poses a security risk for the admins.

Can we have the cookies set so that it logs us out of the ACP whenever we log out of the account?

If it's about the ACP cookies being set to delete after a particular time, which requires us to log in to the ACP again, this allows other users to access the ACP even though we log out of the account.

And can we also set the cookie expiry time for members?
Cookies expire after 15-30 minutes of idling.
Hi, Happy Holidays :)

Do you mean an immediate log-out once the admin closes the admin page? Or something like that...
When we log out of our main account, we must be logged out of the ACP also and, if possible, your method too: immediate logout after any admin page is closed.
I see what you're saying but honestly don't see the big need. The cookies are handled separately so you can visit your forum every day without having to log back in, while still requiring you to log in to the Admin CP.

I think an easier solution would be taking the steps already recommended on this forum, such as changing the default Admin CP directory and putting a .htaccess password on it.
Yeah, you are right, Alex, and I already applied them.
What if we access the admin account in public internet cafes?
Suppose we log in to the site and then the ACP, then log out of the site but not from the ACP, and leave the cafe.
The next user who accesses our PC can still point to the admin link, e.g.:
http://www.xdaxafdaxx.com/admin/index.ph...-dashboard and can access our ACP even though we logged off the site, as the admin cookie stays alive for a while.
If you already applied the things I've mentioned they should be ample protection even in that case. And, if you know you're using a public computer just log out of the Admin CP.
OK. It's just a suggestion.
I care a lot about my site and I make sure to log out of the ACP when I access it through public cafes.

But people who forget to log off from the ACP can see severe consequences if the next user accesses it and rips off their site.

I see that other forum software like IPB and vB have this feature.
IPB's method is a pain in the lime. I hate having to log in after accidentally closing the tab just to make one tiny change. Aside from that, if the other person at the cafe doesn't have your cookie, they can't log into your ACP without it.
The way it is done now, I suppose, is to keep the main site and the Admin CP separate so that you can use separate accounts to log in to the main site and the Admin CP.

For security, you should NEVER log in to your Admin CP or use an account that has access to your Admin CP from Internet cafes or any other public computer, because you cannot know for sure what software it contains; it might very well contain a key logger that steals your passwords.
Yep, I agree with you, g33k.