e5c786377cee95f737ff9d4bbada817e14f94aa4
angie
  Mon Dec 12 09:25:06 2016 -0800
Better cookies and validation for hgLogin: instead of sending gbMembers.idx as
the login cookie and then never checking the value of the incoming cookie, use
a salted hash.  The salt is a secret text value specified by login.cookieSalt
in hg.conf.private.  For remote login, both hosts' hg.conf.private files must
specify the same login.cookieSalt.  In order to avoid logging out all users,
for now the correct value of gbMembers.idx is accepted in place of the salted
hash for local logins.  For remote logins without login.cookieSalt, there is
still no way to check the incoming cookie.  For local logins without
login.cookieSalt, the correct gbMembers.idx is accepted.
refs #17327

diff --git src/hg/hgLogin/hgLogin.h src/hg/hgLogin/hgLogin.h
index 6b601fd..9231e4a 100644
--- src/hg/hgLogin/hgLogin.h
+++ src/hg/hgLogin/hgLogin.h
@@ -1,27 +1,26 @@
 /* hgLogin.h  */
 
 /* Copyright (C) 2013 The Regents of the University of California 
  * See README in this or parent directory for licensing information. */
 
 #ifndef hgLogin_H
 #define hgLogin_H
 
 /* ---- global variables ---- */
 #define TITLE "UCSC Genome Browser Login v"CGI_VERSION
 /* ---- hg.conf parameters used by hgLogin ---- */
 #define CFG_LOGIN_BROWSER_NAME "login.browserName"
 #define CFG_LOGIN_BROWSER_ADDR "login.browserAddr"
 #define CFG_LOGIN_MAIL_SIGNATURE "login.mailSignature"
 #define CFG_LOGIN_MAIL_RETURN_ADDR "login.mailReturnAddr"
-#define CFG_CENTRAL_DOMAIN "central.domain"
 #define CFG_COOKIIENAME_USERNAME  "wiki.userNameCookie"
 #define CFG_COOKIIENAME_USERID  "wiki.loggedInCookie"
 #endif /* hgLogin_H */