As I think more and more about security, I’ve been planning out the best way to fix the remember-me login functionality of ProjectPress. As it stands, it doesn’t actually work. So, I’ve been playing around with code to see what works best and what is best security-wise. Even though the password is more secure, I didn’t want to put it in a cookie, nor did I want to put an unhashed username in a cookie.
Therefore, I decided to go with adding a new column to the members table called auth_token. By doing it this way, I can avoid using the username and password as cookies and instead use some other hashed field along with the auth_token. To prepare your members table for version 3.0.3, check out this forum post.
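A sketch of how a remember-me check built on an auth_token column can work, as an added example that is not ProjectPress code. Python with sqlite3, the members table layout apart from auth_token, the "id:token" cookie format, and storing only a SHA-256 hash of the token are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

def make_db():
    """In-memory stand-in for the members table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, "
               "username TEXT, auth_token TEXT)")
    db.execute("INSERT INTO members (username) VALUES ('alice')")
    return db

def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_cookie(db, member_id):
    """Generate a random token, store its hash, return the cookie value."""
    token = secrets.token_urlsafe(32)
    db.execute("UPDATE members SET auth_token = ? WHERE id = ?",
               (_digest(token), member_id))
    return f"{member_id}:{token}"

def check_cookie(db, cookie):
    """Return (username, rotated_cookie) for a valid cookie, else None."""
    member_id, sep, token = cookie.partition(":")
    try:
        member_id = int(member_id)
    except ValueError:
        return None
    if not sep:
        return None
    row = db.execute("SELECT username, auth_token FROM members WHERE id = ?",
                     (member_id,)).fetchone()
    if row is None or row[1] is None:
        return None
    # Constant-time comparison of the stored hash with the presented token's hash.
    if not hmac.compare_digest(row[1], _digest(token)):
        return None
    # Rotate on every use so a copied cookie stops working after one login.
    return row[0], issue_cookie(db, member_id)

def logout(db, member_id):
    """Clearing the column invalidates any outstanding cookie."""
    db.execute("UPDATE members SET auth_token = NULL WHERE id = ?", (member_id,))
```

In a real deployment the cookie would also be set with the Secure and HttpOnly attributes and an expiry.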