to fix a security-hole in antville we had to change the cookie-creation and -handling three days ago. as some of you already noticed the "remember me"-feature seems to work differently. this is because of our fix, and unfortunatly it seems to be the only possible solution:

from now on the "remember me"-feature will only work for those who have a static ip-address, for most modem/adsl-users it won't resp. just as long as they they keep their ip-address. this is because we're now using the client-ip as part of the key that is stored in one of the cookies used by the "remember me"-feature.

those who have antville installed somewhere should update their installations (the fix is already in cvs, in both the main- and the need_for_speed-branch). to give you a brief description: before it was possible for a weblog-owner to retrieve the "remember-me"-cookies of visitors and use them to log in as a differnt user. this has never happened (afaik), but of course we had to fix the hole.

sorry for the inconvenience.

in my case the remember me works in the office but doesn't work at home. can i make it work at home by clearing the cookies at work?

for me totally. i'm working with a static ip the whole day on an ibook. when i get back home and switch to my adsl environment, i have lotsa problems. makes antville almost unusable. more on this tomorrow, getting tired now.

[update]:(in german, sorry for the inconvinience)

ich bin mir ziemlich sicher, das diese loesung eines vermeintlichen problems der antville-community das genick brechen wird. kaum einer hat eine feste ip und wenn man zwischen environments(wie uni +zuhause) switched, ist man eh gefi**t. staendig cookies loeschen und browser neu starten etc, das macht kein spass. denkt da bitte noch mal drueber nach. siehe auch zb beim seewolf.