Post by RideTheWave » Tue Jul 18, 2017 7:11 am

If I logged into the OpenCart admin on a public computer, would there be any harm if someone saw and copied the exact url I was visiting? For example, one of the url's might be something like this:

mydomain.com/admin/index.php?route=common/dashboard&token=JdiNzK.......6XVoZg

I noticed that URL includes a token ID. If someone had seen that URL and somehow copied it, would they be able to access the admin on another computer at a different time? Or is there any other harm that could come if someone knew the URLs you were visiting when logged into the admin?

Right now, I'm assuming it's safe because the token IDs eventually change after a period of time. But if someone had the URL at a time when the token hadn't yet expired, would they be able to log into the admin? Or is there some safeguard that ties a token to one specific computer only?

Post by GoGo OpenCart » Tue Jul 18, 2017 7:43 am

Log in with Chrome, copy the URL, paste it into Firefox, and you'll see that it's not possible to log in just with the URL, even on the same computer, let alone on another one ;)

See all my extensions: https://www.opencart.com/index.php?rout ... 20OpenCart

Post by RideTheWave » Tue Jul 18, 2017 8:22 am

Thanks, this is great to know. So does this token system insert something into the browser (similar to cookies) which only that particular browser can use? And logging out of the admin removes whatever was inserted?

What if I was on vacation and I wanted to log into the admin on the hotel's Wi-Fi network? Is it safe to do so? I'm pretty sure Wi-Fi administrators can see the URLs visited on their network. Based on the answer above, I'm feeling confident that they probably wouldn't be able to see my admin pages (due to the token system). But can they see the password that I enter?

Is it safer to log into the admin on a hotel's Wi-Fi network or a cell phone company's data network (i.e. T-Mobile, Verizon, etc.)? My first thought was that it's safer with the cell company's network just because it's a lot larger and thus there'd be less chance of someone zeroing in on your particular data than on a much smaller Wi-Fi network in a hotel.

Post by paulfeakins » Tue Jul 18, 2017 5:07 pm

RideTheWave wrote:
Tue Jul 18, 2017 8:22 am
Thanks, this is great to know. So does this token system insert something into the browser (similar to cookies) which only that particular browser can use? And logging out of the admin removes whatever was inserted?
Yes, a cookie, there isn't anything else.


RideTheWave wrote:
Tue Jul 18, 2017 8:22 am
What if I was on vacation and I wanted to log into the admin on the hotel's Wi-Fi network? Is it safe to do so? I'm pretty sure Wi-Fi administrators can see the URLs visited on their network. Based on the answer above, I'm feeling confident that they probably wouldn't be able to see my admin pages (due to the token system). But can they see the password that I enter?
They could get your passwords unless your site uses HTTPS.


RideTheWave wrote:
Tue Jul 18, 2017 8:22 am
Is it safer to log into the admin on a hotel's Wi-Fi network or a cell phone company's data network (i.e. T-Mobile, Verizon, etc.)? My first thought was that it's safer with the cell company's network just because it's a lot larger and thus there'd be less chance of someone zeroing in on your particular data than on a much smaller Wi-Fi network in a hotel.
Cell phone is safer if you don't use HTTPS. But of course, you should:
https://www.antropy.co.uk/blog/it-s-tim ... -to-https/

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
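As an added illustration of the "cookie plus URL token" pattern paulfeakins describes (this is example code, not OpenCart's own implementation): the token in the URL is only honoured when it matches the token stored inside the session that the browser's cookie identifies, so a copied URL with no matching cookie gets nothing, and logging out destroys the session that both depend on. The in-memory session store and the function names are assumptions made for the example.

```python
import hmac
import secrets

# Constructed in-memory session store: session id (sent in the cookie) -> session data.
# Assumed for this example; a real store would live server-side with an expiry.
SESSIONS = {}


def login(username):
    """Create a logged-in session and return (session_id, token).

    The session id travels in a cookie; the token travels in the URL.
    Both are random, and the token is stored only inside that one session."""
    session_id = secrets.token_urlsafe(32)
    token = secrets.token_urlsafe(24)
    SESSIONS[session_id] = {"user": username, "token": token}
    return session_id, token


def logout(session_id):
    """Logging out deletes the server-side session, so the cookie value
    (and the token tied to it) stop working even if both were copied."""
    SESSIONS.pop(session_id, None)


def is_authorized(cookie_session_id, url_token):
    """Decide whether a request for an admin route should be served.

    True only when the browser presents a cookie for a live session AND
    the URL token equals the token stored in that same session."""
    session = SESSIONS.get(cookie_session_id)
    if session is None:
        return False  # no cookie, or cookie for an expired/unknown session
    # Constant-time comparison avoids leaking token bytes through timing.
    return hmac.compare_digest(session["token"], url_token or "")


def demo():
    """Walk through the cases raised in the thread; returns four booleans."""
    sid, token = login("admin")
    same_browser = is_authorized(sid, token)        # True: cookie + token match
    copied_url_only = is_authorized(None, token)    # False: URL without the cookie
    wrong_token = is_authorized(sid, "JdiNzKfake")  # False: cookie but stale/forged token
    logout(sid)
    after_logout = is_authorized(sid, token)        # False: session destroyed
    return same_browser, copied_url_only, wrong_token, after_logout


if __name__ == "__main__":
    print(demo())  # (True, False, False, False)
```

The token in the URL therefore works like a CSRF guard layered on the cookie, which is why copying the address alone is useless while the password itself still needs HTTPS to stay private in transit.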