Sender: |
|
Date: |
Fri, 17 Dec 1999 11:03:51 +1100 |
Reply-To: |
|
Content-type: |
text/plain; charset=US-ASCII |
Subject: |
|
MIME-Version: |
1.0 |
In-Reply-To: |
|
Content-transfer-encoding: |
7BIT |
From: |
|
Parts/Attachments: |
|
|
no, I didnt save it as a cookie, and to ensure that I was not mistaken I
got another admin here to login and repeat the bookmark problem,
ensuring that they didnt select the <save passwd as cookie> button and
I still get the same problem.
Clearing the PC cache on IE and on Opera did not remove the ability to
bypass through a bookmark, it does with Netscape however, which
seems to imply a cached cookie. The same problem exists whether you
use or bypass the proxy too.
Login/passwd information is only collected at the Listserv login screen,
as far as I understand cookies that means it cant be coming in from any
other cookie from any other source.
Does wa set a cookie even though you dont specifically select for it to
do so? If it does, is this configurable, as in shorteing its lifespan or
making logoff/idletime kill it? Can you set wa configuration to force
validation at each separately requested action? Sorry, I just cant find
anything on these in the manuals or the faqs.
thanks
lsvadmin
On 16 Dec 99, at 16:21, Ben Parker wrote:
> On Fri, 17 Dec 1999 09:23:06 +1100, lsvadmin <[log in to unmask]> wrote:
>
> >What I find now is that if I bookmark any page AFTER the login and
> >password page, and then select that bookmark later (even after shutting
> >the browser down), I can bypass the login.
>
> Did you save your login as a 'cookie'? I am guessing you did so. What you
> describe would then be the expected behavior.
>
|
|
|