| Log Message: |
Use a generated UUID stored in a cookie, instead of the session key, as a portion
of the encryption key we use to encrypt the password for storage in the session.
It should now be more or less impossible for an attacker to get the password, as
they need access to the browser and the server.
|
identity/CatDap/trunk/lib/CatDap/Controller/user.pm