This topic is locked

PHPR 10.6 Fixed Username Password Bug

8/18/2021 3:23:32 PM
PHPRunner General questions
biotechsun author

If you use Hardcoded - Fixed Username Password in PHPR v10.6, it will just make you login, without entering anything in the username and password field

biotechsun author 8/21/2021

Even built 37666 also has the same security issue

HJB 8/23/2021

Wrong info from your end. It is fact that the login credentials are called upon first opening
of the web application (under a fresh start of the browser). As long as the browser window
is open after you suceeded to login, PHPRunner keeps that very session alive. If you close
the browser, the session ends, thus upon a new login later on, the web application is asking
for the login credentials again. Under "security" section within PHPRunner you can find options
for the session control, so, if you under a hardcoded (= one user) think it to be very important
that you need to pass loging credentials, think about let us say a 5 minutes time of inactivity
to be the limit for a session for any user to be set to then end the session inside the browser.

biotechsun author 8/23/2021

You can visualize it here, you should have tried to reproduce the same before your long reply....

click to view

biotechsun author 8/27/2021

Rectified in build 37732.