[ic] Session timeout in AI

[Grant]

>> I've brought this up before and gotten no response, but it seems like
>> something that needs attention for security's sake.  When you log in to
>the
>> UI, the MV_USERNAME and MV_PASSWORD cookies are set containing the
>> appropriate two values and they are explicitly NOT secure.  Isn't that a
>bit
>> of a security issue?  I don't understand why those cookies are
>even set as
>> there is no autologin feature for the UI.
>
>    Are you sure those values are set in the cookie?  I haven't looked, but
>since IC is a session-based system, I would assume that the cookie would
>point to the session as opposed to actually containing the username and
>password information.
>
>
>Jeff

Sorry it took so long for me to get back to you here Jeff.  Yes, the values
are written in the cookie, I've checked it out.  I'm not sure why it's set
up like this but it doesn't seem like a good idea....

- Grant