[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

[ic] Session timeout in AI

Subject: [ic] Session timeout in AI
From: interchange-users@icdevgroup.org (Grant)
Date: Fri Nov 22 12:12:00 2002
In-reply-to: <001f01c291b2$06bdbf60$0a01000a@badtzmaru.com>

>> Especially if I log in just to Apply changes and then do nothing.. If I
>want
>> to apply changes again in 20 seconds I get error message that I'm not
>> authorized to do this.. I need to relog in and then apply it.. then it
>> works.. just an observation:)
>
>    When you open IC in another window to test the changes you just made,
>you are probably logging in as another user, which is overwriting the IC
>cookie.
>
>
>Jeff

I've brought this up before and gotten no response, but it seems like
something that needs attention for security's sake.  When you log in to the
UI, the MV_USERNAME and MV_PASSWORD cookies are set containing the
appropriate two values and they are explicitly NOT secure.  Isn't that a bit
of a security issue?  I don't understand why those cookies are even set as
there is no autologin feature for the UI.

- Grant

Follow-Ups:
- [ic] Session timeout in AI
  - From: interchange-users@icdevgroup.org (Jeff Dafoe)

References:
- [ic] Session timeout in AI
  - From: interchange-users@icdevgroup.org (Jeff Dafoe)

Prev by Date: [ic] style or class in metadata for [display] tag
Next by Date: [ic] APACHE 2.0
Previous by thread: [ic] CVV with Authnet
Next by thread: [ic] Session timeout in AI
Index(es):
- Date
- Thread