Encode login status in session cookie

Kirby · Apr 17, 2025

Right now it is not possible to distinguish a logged in user from a guest by just looking at the session cookie - if both cases it's just a random string.

Being able to distinguish a guest from a logged in user on the webserver level (or a reverse proxy in front of that) could be quite useful for applying different rules (like rate limits, challenges, etc.) partly based on the login status.

I therefore suggest to add a flag to the session cookie value (for example a prefix...

Read more

Continue reading...

B	aria issues for online status indicators briansol Oct 12, 2024 Xenforo RSS Feed
R	Online status indicator RobynLJ Mar 27, 2025 Xenforo RSS Feed
N	Change online status indicator icon Ntown Dec 29, 2024 Xenforo RSS Feed
W	Failed login returns 200 status code W1zzard May 27, 2025 Xenforo RSS Feed
D	How can we allow readers to View thread, but require login to read replies? drastic Oct 1, 2024 Xenforo RSS Feed