Brad Fitzpatrick (bradfitz) wrote in lj_dev,
Brad Fitzpatrick
bradfitz
lj_dev

new cookies, security, manage logins....

So, the new cookie code is live. Details are at:

http://cvs.livejournal.org/browse.cgi/livejournal/doc/raw/cookie-scheme.txt?rev=HEAD

The code which implements it is entirely in the new LJ::Session module, at cgi-bin/LJ/Session.pm.

You now have separate "www" cookie (your ljmastersession) and per-user cookies, which are per-domain and/or per-path for, say, communities and underscore users.

Also, you can now track your logins:

http://www.livejournal.com/manage/logins.bml

Eventually we'll do things like let you name IP addresses ("Work", "Home") and show in red things that are out of the ordinary, etc. Also emails on new logins that aren't in your whitelist.

Also, as of last week, you need a password to change your email address, and passwords can't be mailed in cleartext now... only a reset URL.

etc, etc.

David or I will be posting more later, and also as questions come up, we'll be watching these posts.

Update: Sorry, I deleted all comments that were regarding the underscore-in-username bug. That was fixed about in parallel with this post, and I didn't want this thread turning into a support request forum. I also accidentally deleted the thread about cookie /path/ restrictions. :-/
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 117 comments
Previous
← Ctrl ← Alt
Next
Ctrl → Alt →
Previous
← Ctrl ← Alt
Next
Ctrl → Alt →