Brad Fitzpatrick (bradfitz) wrote in lj_dev,

new cookies, security, manage logins....

So, the new cookie code is live. Details are at:

The code which implements it is entirely in the new LJ::Session module, at cgi-bin/LJ/

You now have a separate "www" cookie (your ljmastersession) and per-user cookies, which are per-domain and/or per-path for, say, communities and underscore users.

Also, you can now track your logins:

Eventually we'll do things like let you name IP addresses ("Work", "Home") and show in red things that are out of the ordinary, etc. Also emails on new logins that aren't in your whitelist.

Also, as of last week, you need a password to change your email address, and passwords can't be mailed in cleartext now... only a reset URL.

etc, etc.

David or I will be posting more later, and also as questions come up, we'll be watching these posts.

Update: Sorry, I deleted all comments that were regarding the underscore-in-username bug. That was fixed about in parallel with this post, and I didn't want this thread turning into a support request forum. I also accidentally deleted the thread about cookie /path/ restrictions. :-/

