Another security vulnerability

Profile Istvan Burbank
Joined: 3 Apr 08
Posts: 312
Credit: 58,920
RAC: 0
Message 9159 - Posted: 22 Jan 2009, 18:18:25 UTC

I was at a school computer, and I did a little posting here, but when I went to 'your account settings' to log out it said 'not logged in'. However, I wrote this post, and edited the spelling of my session description, so for some reason either the cookie was not properly deleted, or some other failure has occurred. This could be a problem for people using public computers, so I will check out some code when I get home.
Profile Istvan Burbank
Joined: 3 Apr 08
Posts: 312
Credit: 58,920
RAC: 0
Message 9160 - Posted: 22 Jan 2009, 18:21:35 UTC

Another note: I did not tell it to keep me logged in, and when I re-opened the browser it was logged out, so the problem might be that the cookie that is set when the 'stay logged in' checkbox is not checked expires when the browser is closed. This is a simple fix if it is the case, but also a small security flaw because other people could use the browser before it is closed, esp. in the environment that this would be a risk.
Profile Janus
Volunteer moderator
Project administrator
Joined: 16 Jun 04
Posts: 4555
Credit: 2,097,282
RAC: 0
Message 9171 - Posted: 24 Jan 2009, 16:47:35 UTC

Right, so it doesn't actually cancel the current browser session. Does it work now?
Profile Istvan Burbank
Joined: 3 Apr 08
Posts: 312
Credit: 58,920
RAC: 0
Message 9191 - Posted: 27 Jan 2009, 22:06:26 UTC

Indeed, much better!

~thanks!
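The failure discussed in this thread, a logout that leaves the browser-session cookie usable, is avoided when logout both deletes the server-side session record and expires the cookie, whichever cookie type login issued. The following is an added example, not part of the thread and not the project's own code; the cookie name `auth`, the in-memory `SESSIONS` store and the function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "auth"   # hypothetical cookie name (assumption)
SESSIONS = {}     # token -> user; stands in for the server-side session table

def login(user, stay_logged_in=False):
    """Create a session and return the Set-Cookie header value."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    c = SimpleCookie()
    c[COOKIE] = token
    c[COOKIE]["path"] = "/"
    c[COOKIE]["httponly"] = True
    if stay_logged_in:
        c[COOKIE]["max-age"] = 30 * 24 * 3600  # persistent cookie
    # Without Max-Age/Expires the browser keeps the cookie until it is
    # closed, so on a shared machine it must be killed explicitly at logout.
    return c[COOKIE].OutputString()

def current_user(cookie_header):
    """Map a Cookie request header to a user, or None if not logged in."""
    morsel = SimpleCookie(cookie_header).get(COOKIE)
    return SESSIONS.get(morsel.value) if morsel else None

def logout(cookie_header):
    """End the session on both sides and return the Set-Cookie value."""
    morsel = SimpleCookie(cookie_header).get(COOKIE)
    if morsel:
        # Server side: the token is dead even if the browser still sends it.
        SESSIONS.pop(morsel.value, None)
    out = SimpleCookie()
    out[COOKIE] = "deleted"
    out[COOKIE]["path"] = "/"  # must match the path used at login
    out[COOKIE]["max-age"] = 0
    out[COOKIE]["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"
    return out[COOKIE].OutputString()

if __name__ == "__main__":
    header = login("alice")                  # 'stay logged in' not checked
    sent_by_browser = header.split(";")[0]   # what the browser replays
    print(current_user(sent_by_browser))
    print(logout(sent_by_browser))
    print(current_user(sent_by_browser))
```
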