Announcement

Collapse
No announcement yet.

What’s the reason for the logouthash usage?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] What’s the reason for the logouthash usage?

    Logout from forum can be done with:

    login.php?do=logout

    What’s the reason then for the additional logouthash usage ie.:

    login.php?do=logout&logouthash=blablabla

  • #2
    I doubt it has any purpose and should be removed. Can you enter it as a bug in the tracker system?

    Comment


    • #3
      Originally posted by Andy View Post
      I doubt it has any purpose and should be removed. Can you enter it as a bug in the tracker system?
      Aside from maybe some clown linking them to 'domain.com/forums/login.php?do=logout' and NOT having it force them to logout?

      My Live vB5 Site - NZEating.com
      vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

      Comment


      • #4
        The logouthash usage seems just stupid, just as stupid as edit the original SQL database triggers when not trusted.

        What should be included inside the logout process is the userid usage only, not such a strange logouthash.

        Comment


        • #5
          Originally posted by Ace View Post
          Aside from maybe some clown linking them to 'domain.com/forums/login.php?do=logout' and NOT having it force them to logout?

          Thank you Ace. Looks like that is the purpose of the long hash.

          Comment


          • #6
            It's not useless. If it didn't exist, right now I could do this



            See that? When you viewed this page now you would be logged out.

            Comment


            • #7
              Its to prevent malcious logouts from third party scripts.

              Comment


              • #8
                OK, many thanks for the explanations.

                I see the reason for the logouthash to be included. However, I would like to see the logout mechanism handle all the user specific settings in the background scripting thus not included in the logout URL visible to the user. Hope to see such a logout process in next versions.

                Comment

                Related Topics

                Collapse

                Working...
                X