[thesite] My Intro and a look at a UEUE Proposal

Rory.Plaire at wahchang.com
Thu Oct 18 13:41:20 CDT 2001


| so Joey Cracker gets my userid and priv level from my cookie. what can
| he do with it if it's not got a corresponding userid_hash value that uses
| our secret key? (just looking for an example from your POV)

If the hash doesn't change, then couldn't he just resubmit the user_id and
user_id hash? Likewise with the rest of the attributes/attribute_hash pairs?

Like .jeff says, if he kept a running log, and kept all the hashed cookies?
(yum!)

<rory alt="?"/>

P.S. you told us to ask... ! 8)
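
The replay concern raised in this message, as an added example that is not part of the original post or the site's code: a keyed hash over the value alone is identical on every login, so a logged copy keeps verifying, while a MAC that also covers an expiry time stops verifying once the window closes. HMAC-SHA256, the key, the field layout and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: stands in for the site's secret key


def _mac(*fields: str) -> str:
    # Length-prefix each field so ("a|b", "c") and ("a", "b|c") cannot collide.
    message = "|".join(f"{len(f)}:{f}" for f in fields)
    return hmac.new(SECRET, message.encode(), hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison of two hex strings.
    return hmac.compare_digest(a.encode(), b.encode())


# Scheme discussed in the thread: the hash depends only on the value,
# so the same user_id always yields the same user_id_hash.
def issue_static(user_id: str) -> dict:
    return {"user_id": user_id, "user_id_hash": _mac(user_id)}


def verify_static(cookie: dict) -> bool:
    return _same(cookie.get("user_id_hash", ""), _mac(cookie.get("user_id", "")))


# Variant: one MAC over all attributes plus an expiry timestamp.
def issue_expiring(user_id: str, priv: str, now: int, ttl: int = 900) -> dict:
    expires = str(now + ttl)
    return {"user_id": user_id, "priv": priv, "expires": expires,
            "mac": _mac(user_id, priv, expires)}


def verify_expiring(cookie: dict, now: int) -> bool:
    try:
        fields = (cookie["user_id"], cookie["priv"], cookie["expires"])
        expires = int(cookie["expires"])
        mac = cookie["mac"]
    except (KeyError, ValueError):
        return False
    if not _same(mac, _mac(*fields)):
        return False  # any attribute or the expiry was altered
    return now < expires  # a logged copy stops working after expiry
```

The expiry bounds how long a logged cookie stays usable; inside that window a resubmitted copy still verifies, so the window length is the trade-off to choose.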



