Community has the option to 'remember' the user even if the browser is closed and the user connects a week later. This is because a locally stored cookie contains a session ID which matches the session ID stored in the database the last time the user logged in (using the remember login option and a password).
This is fine for a single sign-on scenario, and it's the preferred method of operation for almost every major internet portal out there. However, almost EVERY site that implements this also seems to protect specific pages, like, for example, the profile page. So, in the event the computer is compromised or the session is hijacked, no major damage or sensitive information will be stolen since the local cookie will be 'ignored' (for security reasons).
What would be the best way to quickly implement this on a per-page basis? Or better yet, how do I protect: the GOCart plugin from displaying Billing/Shipping for returning customers, the profile page for GForum, and the profile page for Community?
Would a simple line to delete the locally stored cookie do? Is this the way major sites implement this 'double check'?
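One way to get the 'double check' asked about above, as an added example that is not part of the original post and is not Community, GForum or GOCart code: keep the remember cookie, but record when the password was last entered and ask for it again on sensitive pages. The protected paths, the 15-minute window, the in-memory session table and all function names are assumptions.

```python
import secrets
import time

FRESH_WINDOW = 15 * 60                      # assumed: seconds a password entry stays "fresh"
SENSITIVE = {"/profile", "/cart/billing"}   # hypothetical protected paths

SESSIONS = {}   # session_id -> record; stand-in for the session table in the database


def login_with_password(user, now=None):
    """Caller has already verified the password: issue a session marked fresh."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)         # unguessable value stored in the cookie
    SESSIONS[sid] = {"user": user, "password_at": now}
    return sid


def reauthenticate(sid, now=None):
    """User re-entered the password on the prompt page: refresh the marker."""
    now = time.time() if now is None else now
    SESSIONS[sid]["password_at"] = now


def authorize(sid, path, now=None):
    """Return 'allow', 'reauth' (ask for the password again) or 'login'."""
    now = time.time() if now is None else now
    rec = SESSIONS.get(sid)
    if rec is None:
        return "login"      # unknown or revoked session ID in the cookie
    if path not in SENSITIVE:
        return "allow"      # the remembered cookie is enough for ordinary pages
    if now - rec["password_at"] <= FRESH_WINDOW:
        return "allow"      # password was entered recently in this session
    return "reauth"         # cookie alone is not accepted for this page
```

The cookie is not deleted in this scheme: the returning user stays signed in for ordinary pages, and only the sensitive pages send them to a password prompt that calls `reauthenticate` on success.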