Author Topic: Important Security Issue (Read 3834 times)

kindian · « **on:** July 16, 2005, 11:13:39 AM »

One user mailed me today saying that he sent a link to his photo to a friend. His friend saw his photo and kinda logged in with his username, they even tryed to change the profile and it worked. The link the user sent to his friend contained the session id. How can I fix that. I've already tryed to use the MOD to make the url google friendly, but it didnt work. Anyone else with this problem?