--On Tuesday, June 09, 1998, 9:10 PM -0600 Ben Parker <[log in to unmask]> wrote:

> On Tue, 9 Jun 1998 21:07:19 -0500, Adam Bailey <[log in to unmask]> wrote:
>
>>There's also the common problem of people using a lab computer and then
>>leaving without clearing that information out. Then the next person comes
>>in and starts interacting with the LISTSERV without thinking.
>
> Which is why we recommend you NOT use browser "cookies" unless you are the
> only user of your machine.

This is a problem even without using cookies. Here is a copy of a message
I sent to L-Soft Support about two weeks ago regarding this problem....

--On Thursday, May 28, 1998, 1:07 AM -0400 "Alan S. Dobkin" <[log in to unmask]> wrote:

> I've noticed that the LISTSERV web interface expires the authentication
> tickets after a set amount of time, which I think is a good security
> measure, especially if the user leaves their workstation. However, it
> is very easy to use the browser's back function to bring up the original
> web page that the person used to authenticate and simply click the login
> button, or worse yet, login and save the password as a cookie.
>
> We have a similar web page that we use for authentication to other web-
> based services, and our workaround to this problem was to use the META
> HTTP-EQUIV="Refresh" tag. This simply reloads the page after a set
> amount of time (we use 120 seconds), which blanks out the form entries.
>
> It would be nice if this tag (or some other workaround) could be added
> into the web interface before 1.8d is officially released.
>
> Thanks,
> Alan
>
> /-------------------------------+---------------------+-----------------\
> | Alan S. Dobkin @ Emory U. ITD | 1784 N. Decatur Rd. | E-Mail Address: |
> | Operating Systems Analyst     | Suite 300 (3rd Fl.) | ADobkin         |
> | Internet/Intranet Services    | Atlanta, GA 30322   | @Emory.Edu      |
> | http://ADobkin.ITD.Emory.Edu/ | (404) 727-2766      | FAX #: 727-2599 |
> \-------------------------------+---------------------+-----------------/
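
The workaround described in the message above, as an added example (not part of the original posts and not L-Soft's code): a Python sketch that renders a login form carrying the META Refresh tag with the 120-second interval the message mentions, and validates a time-limited ticket. The function names, the HMAC ticket format, the 15-minute lifetime, the sample key and the Cache-Control header are assumptions made for illustration.

```python
import hashlib
import hmac
import time

REFRESH_SECONDS = 120              # interval quoted in the message
TICKET_LIFETIME = 15 * 60          # assumed; the message gives no figure
SECRET = b"constructed-demo-key"   # constructed sample key, not a real secret


def login_page():
    """Return (headers, body) for a login form that reloads itself,
    so credentials typed into an abandoned form are blanked."""
    headers = [
        ("Content-Type", "text/html; charset=utf-8"),
        # Assumption beyond the message: ask the browser not to keep a
        # copy of the page that the back button could bring up again.
        ("Cache-Control", "no-store"),
    ]
    body = (
        "<html><head>"
        f'<meta http-equiv="Refresh" content="{REFRESH_SECONDS}">'
        "<title>Login</title></head><body>"
        '<form method="post" action="/login">'
        '<input type="text" name="user">'
        '<input type="password" name="password">'
        '<input type="submit" value="Login">'
        "</form></body></html>"
    )
    return headers, body


def issue_ticket(user, now=None):
    """Create a ticket of the form user:issued:mac (hypothetical format)."""
    issued = int(time.time() if now is None else now)
    payload = f"{user}:{issued}"
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def ticket_valid(ticket, now=None):
    """Accept a ticket only if its MAC verifies and it has not expired."""
    now = time.time() if now is None else now
    try:
        user, issued, mac = ticket.rsplit(":", 2)
        issued = int(issued)
    except ValueError:
        return False
    expected = hmac.new(SECRET, f"{user}:{issued}".encode(),
                        hashlib.sha256).hexdigest()
    fresh = 0 <= now - issued < TICKET_LIFETIME
    return hmac.compare_digest(mac.encode(), expected.encode()) and fresh
```
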