Oops. Internet Explorer claimed that cookies were enabled but they really weren't...^(
I can now change the description and I no longer get popped back to the authentication page.
The other issues I mentioned still exist...
David
I've seen several (too many) messages to the list about people logging into the archives or the administrative pages for various versions of Mailman, only to have their changes not saved, and be thrown back to the authentication page. I've NOT seen anyone offer a solution.
It appears that the problems are more on the browser end than on the server end. I've upgraded to the 2.1 final release and have no problems myself (using MSIE on XP Pro with cookies enabled). However, one of my list admins tells me that he has this problem with Mozilla, but not with Galeon. He has cookies enabled in ALL of his browsers tho.
I've noticed that when I log out of the admin page for one list, go to another and login there, then come back to the first list, all without shutting down my browser, Mailman allows me back into the first list admin area without requesting a login.
There's obviously some sort of persistence thing going on here, since we all have cookies enabled, but some cookies "go stale" quicker than others.
Does anyone have a definitive answer for this, other than to tell me to turn my cookies on, because they already are. Is there some sort of setting that can be tweaked in Mailman/Python to adjust the lifespan of the cookies it creates?
Paul Rice Fantastic Websites
"PAR" == Paul Allen Rice <mailman@fantasticwebsites.com> writes:
PAR> I've noticed that when I log out of the admin page for one
PAR> list, go to another and login there, then come back to the
PAR> first list, all without shutting down my browser, Mailman
PAR> allows me back into the first list admin area without
PAR> requesting a login.I cannot reproduce this with NS, Moz, or Konq on Linux. I don't have OSX booted at the moment, but I don't recall ever seeing any such problems with NS, Moz, Chimera, or IE on OSX (haven't tried Safari yet :).
PAR> There's obviously some sort of persistence thing going on
PAR> here, since we all have cookies enabled, but some cookies "go
PAR> stale" quicker than others.Mailman's admin cookies are "session cookies". They go away when you quit your browser.
PAR> Does anyone have a definitive answer for this, other than to
PAR> tell me to turn my cookies on, because they already are. Is
PAR> there some sort of setting that can be tweaked in
PAR> Mailman/Python to adjust the lifespan of the cookies it
PAR> creates?No, but you could try playing with MakeCookie() in SecurityManager.py.
The only cookie problems I've seen so far, and that have been confirmed, are those related to the Apache rewrite rules given in UPGRADING. Folks use these to migrate lists one at a time. I'm still not sure why this is, but I strongly suspect an Apache problem or misconfiguration.
-Barry
On Tuesday, January 7, 2003, at 08:37 PM, Paul Allen Rice wrote:
I've noticed that when I log out of the admin page for one list, go to another and login there, then come back to the first list, all without shutting down my browser, Mailman allows me back into the first list admin area without requesting a login.
When you hit "logout", Mailman removes the contents of the cookie (but leaves the cookie itself until you exit the browser), so this really shouldn't work. If your browser allows you to inspect the contents of the cookies you have stored you can confirm this is working.
When you say "allows me back", does that mean by hitting the back button, or re-entering the URL? The back button will display whatever was there before, but you shouldn't be able to modify anything without re-authenticating.
Is it possible that your browser is auto-completing the login form?
Bryan
participants (4)
-
barry@python.org -
Bryan Fullerton -
David LeVine -
Paul Allen Rice