Wordpress and the cookies

June 3 33 comments

Important: The workaround provided in this post is not reliable enough, there is now a more secure way to fix this problem. The new fix is available as a convenient plugin.

Since the release of Wordpress 2.0, a…

Airtight sessions

April 15 3 comments

I recently read an article which warns about the fact that cookie based authentication can be exploited using JavaScript. I am not going into detail about the problem itself, but I’ll try to give a brief explanation using an…