I created a script to login to a website CMS I programmed.
it asks you for your username and password. the script access a MySQL database where the password is encrypted. and if they are correct, then creates a session $_SESSION[‘login’]=true
Accidentally I noticed that when I was logged in to the CMS and I was programming another one, I noticed it logged me in without asking for the username and password, I thought it happened because there was already a session called login and it was equal to true.
Does this mean the security of both CMSs are at risk? or did I make another mistake?
