[Mailman-Users] Login Persistence and Cookies
Bryan Fullerton
bryanf at samurai.com
Wed Jan 8 15:51:56 CET 2003
On Tuesday, January 7, 2003, at 08:37 PM, Paul Allen Rice wrote:
> I've noticed that when I log out of the admin page for one list, go to
> another and login there, then come back to the first list, all without
> shutting down my browser, Mailman allows me back into the first list
> admin
> area without requesting a login.
When you hit "logout", Mailman removes the contents of the cookie (but
leaves the cookie itself until you exit the browser), so this really
shouldn't work. If your browser allows you to inspect the contents of
the cookies you have stored you can confirm this is working.
When you say "allows me back", does that mean by hitting the back
button, or re-entering the URL? The back button will display whatever
was there before, but you shouldn't be able to modify anything without
re-authenticating.
Is it possible that your browser is auto-completing the login form?
Bryan
More information about the Mailman-Users
mailing list