[Mailman-Users] Login Persistence and Cookies

[Barry A. Warsaw]

>>>>> "PAR" == Paul Allen Rice <mailman at fantasticwebsites.com> writes:

    PAR> I've noticed that when I log out of the admin page for one
    PAR> list, go to another and login there, then come back to the
    PAR> first list, all without shutting down my browser, Mailman
    PAR> allows me back into the first list admin area without
    PAR> requesting a login.

I cannot reproduce this with NS, Moz, or Konq on Linux.  I don't have
OSX booted at the moment, but I don't recall ever seeing any such
problems with NS, Moz, Chimera, or IE on OSX (haven't tried Safari yet
:).

    PAR> There's obviously some sort of persistence thing going on
    PAR> here, since we all have cookies enabled, but some cookies "go
    PAR> stale" quicker than others.

Mailman's admin cookies are "session cookies".  They go away when you
quit your browser.

    PAR> Does anyone have a definitive answer for this, other than to
    PAR> tell me to turn my cookies on, because they already are.  Is
    PAR> there some sort of setting that can be tweaked in
    PAR> Mailman/Python to adjust the lifespan of the cookies it
    PAR> creates?

No, but you could try playing with MakeCookie() in SecurityManager.py.

The only cookie problems I've seen so far, and that have been
confirmed, are those related to the Apache rewrite rules given in
UPGRADING.  Folks use these to migrate lists one at a time.  I'm still
not sure why this is, but I strongly suspect an Apache problem or
misconfiguration.

-Barry