no, I didnt save it as a cookie, and to ensure that I was not mistaken I
got another admin here to login and repeat the bookmark problem,
ensuring that they didnt select the <save passwd as cookie> button and
I still get the same problem.

Clearing the PC cache on IE and on Opera did not remove the ability to
bypass through a bookmark, it does with Netscape however, which
seems to imply a cached cookie. The same problem exists whether you
use or bypass the proxy too.

Login/passwd information is only collected at the Listserv login screen,
as far as I understand cookies that means it cant be coming in from any
other cookie from any other source.

Does wa set a cookie even though you dont specifically select for it to
do so? If it does, is this configurable, as in shorteing its lifespan or
making logoff/idletime kill it? Can you set wa configuration to force
validation at each separately requested action? Sorry, I just cant find
anything on these in the manuals or the faqs.


thanks

lsvadmin

On 16 Dec 99, at 16:21, Ben Parker wrote:

> On Fri, 17 Dec 1999 09:23:06 +1100, lsvadmin <[log in to unmask]> wrote:
>
> >What I find now is that if I bookmark any page AFTER the login and
> >password page, and then select that bookmark later (even after shutting
> >the browser down), I can bypass the login.
>
> Did you save your login as a 'cookie'?  I am guessing you did so.  What you
> describe would then be the expected behavior.
>