Page MenuHomePhabricator

UserName cookie should not be set when "remember me" is disabled
Open, Needs TriagePublic

Description

CookieSessionProvider records the username in a cookie and pre-fills the username field on next login, to make it more convenient. It seems wrong to do that even if the user logged in with "Remember me" unchecked.

Event Timeline

Hi @Tgr ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

I don't think anything changed about this since it was reported.