[ic] Session timeout in AI

[Jeff Dafoe]

> I've brought this up before and gotten no response, but it seems like
> something that needs attention for security's sake.  When you log in to
the
> UI, the MV_USERNAME and MV_PASSWORD cookies are set containing the
> appropriate two values and they are explicitly NOT secure.  Isn't that a
bit
> of a security issue?  I don't understand why those cookies are even set as
> there is no autologin feature for the UI.

    Are you sure those values are set in the cookie?  I haven't looked, but
since IC is a session-based system, I would assume that the cookie would
point to the session as opposed to actually containing the username and
password information.


Jeff