Another security vulnerability


Author Message
Profile Istvan Burbank
Joined: 3 Apr 08
Posts: 312
Credit: 58,920
RAC: 0
Message 9159 - Posted: 22 Jan 2009, 18:18:25 UTC

I was at a school computer, and I did a little posting here, but when I went to 'your account settings' to log out it said 'not logged in'. However, I wrote this post, and edited the spelling of my session description, so for some reason either the cookie was not properly deleted, or some other failure has occurred. This could be a problem for people using public computers, so I will check out some code when I get home.

Profile Istvan Burbank
Joined: 3 Apr 08
Posts: 312
Credit: 58,920
RAC: 0
Message 9160 - Posted: 22 Jan 2009, 18:21:35 UTC

Another note: I did not tell it to keep me logged in, and when I re-opened the browser it was logged out, so the problem might be that the cookie that is set when the 'stay logged in' checkbox is not checked expires when the browser is closed. This is a simple fix if it is the case, but also a small security flaw because other people could use the browser before it is closed, esp. in the environment that this would be a risk.

Profile Janus
Volunteer moderator
Project administrator
Joined: 16 Jun 04
Posts: 4483
Credit: 2,094,806
RAC: 0
Message 9171 - Posted: 24 Jan 2009, 16:47:35 UTC

Right, so it doesn't actually cancel the current browser session. Does it work now?

Profile Istvan Burbank
Joined: 3 Apr 08
Posts: 312
Credit: 58,920
RAC: 0
Message 9191 - Posted: 27 Jan 2009, 22:06:26 UTC

Indeed much better!

~thanks!

