[ic] UI Login Cookies

Grant interchange-users@icdevgroup.org
Wed Oct 2 15:40:00 2002


I posted this about three weeks ago, but I didn't get any replies so I'm
making it more clear and concise this time.

The two cookies named MV_USERNAME and MV_PASSWORD are being set at my 4.8.6
UI login page after the username and password are entered there.  I'm hoping
to keep those cookies from being set there for three reasons:

1. There is no autologin feature for the UI so they're pointless as far as I
can tell.

2. When I browse my store's front-end, the error log becomes overrun with
"Denied attempted login with nonexistent user name 'myUIusername'" which
must be because the autologin feature on my store's front-end uses cookies
of the same name as those that were set at the UI login.

3. The cookies being set are explicitly NOT secure, and they contain the
extremelly sensitive UI username and password.  I would think that that
could be a major security issue.

Is there any way to disable those cookies from being set at the UI login?

- Grant