webgui

mirror of https://github.com/unraid/webgui.git synced 2026-03-14 15:01:42 -05:00

Author	SHA1	Message	Date
Eric Schultz	78aa59a317	remove cache-busters from login page	2020-01-10 14:35:55 -06:00
Larry Meaney	11475152e8	clear session variables need to clear session variables, session_destroy() doesn't take care of that	2019-10-19 08:55:05 -07:00
Larry Meaney	0e3f8bdd0f	Only create session when user successfully logs in Also, enable session.use_strict_mode to prevent session fixation attacks	2019-10-18 22:53:06 -07:00
Eric Schultz	cddb1b4946	logger tag rename WebUI --> webGUI	2019-10-10 16:43:32 -05:00
Squidly271	7215d08a31	Include WebUI Tag	2019-10-10 09:18:12 -04:00
Squidly271	5dd7dd67d6	Log webUI login attempts Maybe I'm just paranoid, but with ports open, a reverse proxy thru unraid.net, I wouldn't mind seeing any and all login attempts to the server	2019-10-10 09:11:48 -04:00
Larry Meaney	a4b3da30df	Add robots metatag and CSP to login page too	2019-09-28 17:48:18 -07:00
Eric Schultz	0f03ad6f98	remove csrf token from login page	2019-09-20 14:57:36 -05:00
Eric Schultz	655b3ed883	Use samesite=strict for the login session cookie	2019-09-16 03:00:34 -05:00
Eric Schultz	01bd18b46f	remove leading dot in login cookie domain	2019-09-08 16:45:57 -05:00
Eric Schultz	0b765531fe	logon session uses a unique name now	2019-09-07 01:42:06 -05:00
Eric Schultz	facb1fbe86	only secure cookies when using https	2019-09-06 13:37:03 -05:00
Eric Schultz	c6b1b4a61b	strip port number from cookie domain	2019-09-04 19:31:09 -05:00
Eric Schultz	4769995968	regenerate session id upon logout	2019-09-04 00:12:09 -05:00
Eric Schultz	464a187d42	use a valid shortcut icon for the login page	2019-09-03 23:15:50 -05:00
Eric Schultz	b0f8f47c24	regenerate session id upon login	2019-09-03 23:05:18 -05:00
Eric Schultz	c148ed30f7	improve security on session cookie	2019-09-03 23:00:54 -05:00
Eric Schultz	ad988f5b99	show warning on login page when browser cookies are disabled	2019-08-30 14:54:21 -05:00
Eric Schultz	63053a8d1f	remove 'admin' alias for login page	2019-08-30 14:30:42 -05:00
Tom Mortensen	4c6c950042	Support forms-based authentication for login/logout. Username 'admin' is alias for 'root'.	2019-08-17 13:08:41 -07:00

20 Commits