Message boards :
Website :
Another security vulnerability
Message board moderation
Author | Message |
---|---|
![]() ![]() Send message Joined: 3 Apr 08 Posts: 312 Credit: 58,920 RAC: 0 |
I was at a school computer, and I did a little posting here, but when I went to \'your account settings\' to log out it said \'not logged in\'. However I wrote this post, and edited the spelling of my session description, so for some reason either the cookie was not properly deleted, or some other failure has occured. This could be a problem for people using public computers, so I will check out some code when I get home. |
![]() ![]() Send message Joined: 3 Apr 08 Posts: 312 Credit: 58,920 RAC: 0 |
Another note: I did not tell it to keep me logged in, and when I re-opened the browswer it was logged out, so the problem might be that the cookie that is set when the \'stay logged in\' checkbox is not checked expires when the browser is closed. This is a simple fix if it is the case, but also a small security flaw because other people could use the browser befor it is closed, esp. in the environment that this would be a risk. |
![]() Volunteer moderator Project administrator ![]() Send message Joined: 16 Jun 04 Posts: 4574 Credit: 2,100,463 RAC: 8 |
Right, so it doesn\'t actually cancel the current browser session. Does it work now? |
![]() ![]() Send message Joined: 3 Apr 08 Posts: 312 Credit: 58,920 RAC: 0 |
indeed much better! ~thanks! |