If I logged into the OpenCart admin on a public computer, would there be any harm if someone saw and copied the exact url I was visiting? For example, one of the url's might be something like this:
Code: Select all
I noticed that url includes a token ID. If someone had seen that url & somehow copied it, would they be able to access the admin on another computer at a different time? Or is there any other harm that could come if someone knew the url's you were visiting when logged into the admin?
Right now, I'm assuming it's safe because the token ID's eventually change after a period of time. But if someone had the url at a time when the token hadn't yet expired, would they be able to log into the admin? Or is there some safeguard that identifies a token with a specific computer only?