[Mailman-Developers] Cookies

Scott scott@chronis.pobox.com
Sat, 30 May 1998 16:37:38 -0400


On Sat, May 30, 1998 at 01:28:29PM -0700, John Viega wrote:
| On Sat, May 30, 1998 at 02:23:02PM -0400, Scott wrote:
| > 
| > | I'd like to not be implicitly logged in if
| > | someone else starts up my browser.  Also, I've seen some sites that
| > | log people off automatically after 15 mins of inactivity on that site.
| > | Do you think that's a good idea?
| > 
| > The cookies will not allow anyone to submit changes after the timeout
| > period (defaulting to 20 minutes).  I'm not sure how to portably force
| > people to be logged off in any other way.
| 
| Well, what I'm talking about is the same thing, but if you press
| "submit" after the cookie runs out, you'll get an error message
| saying, "we've already logged you out due to inactivity", instead of
| just giving the login screen.

how do you tell the difference between a cookie running out and no
cookie being submitted in the first place? 

| Also, I noticed that it looks like the edithtml pages don't share the
| same cookie (and, in fact, aren't using cookies at all at the moment...)

true.  it seems like they should more for the sake of uniformity than
anything else, as there's no reason to hide publicly accessible html
pages from people.  this shouldn't be too hard to do with the existing
isAuthenticated function from the admin cgi. i don't think i'll have
time to that before i go away June 1-10, but i'm willing to change
edithtml when i get back if no one's done it yet.

scott