CheckCookie(): If the authcontext is AuthUser and the `user' argument

is false, then scan the cookie keys for user names.  This is used in
private archive authentication (which doesn't have a user context in
the url), so that if a user has already authenticated to edit their
options, they get into the private archives with no login necessary.

Note that this does /not/ open a hole for user option pages because
those have a user context in the url which is passed to CheckCookie
and must match explicitly.

__checkone(): Does one authcontext/user authentication.

0 files changed, 0 insertions, 0 deletions