Apache 1.3.9
Sparc10 running Solaris 2.5.1
Listserv 1.8d

okay, I re-installed listserv, got the web interface up and working and set
a passwd for the admin.

What I find now is that if I bookmark any page AFTER the login and
password page, and then select that bookmark later (even after shutting
the browser down), I can bypass the login.

I tested it in 3 browsers:

Netscape 4.7 will allow you to bypass only if you DO NOT clear your
PC cache.

Both Opera 3.6 and IE 3.02 will allow you to bypass even after you have
cleared your PC cache.

Apache has a cache setting of 24 hours, but if someone comes back in
before that period is up then it extends another 24 hours.

Netscape will allow you to set you own PC cache for up to 99 days, I
am not sure on the other browsers but assume it would be something
similar.

Is there any way, other than securing the Apache server further down, of
forcing a login each time for the web interface to ListServ?

PS: I know I am looking for short answers here, looked in the manuals
and there is nothing in there about it, nor on the FAQ's, leaving this
position in another 10 days and need to make this as fool proof as
possible.

thanks

lsvadmin