[Mailman-Users] Why does iOS's Safari log out the moderator web page?

Mark Sapiro mark at msapiro.net
Wed Feb 5 00:55:38 CET 2014

On 02/04/2014 03:03 PM, Peter Shute wrote:
> I agree that convenience is often at the expense of security, but I feel that this is just a side efect of something they've done with multitasking. The cookies are supposed to expire if I close the browser, but I haven't. I've only swapped to another program for a while. Safari is a native app, not a random program off the internet.

The security issues are not with the browser sofware, but rather with
Cross Site Request Forgery attacks.

> As Mark said, this is an Apple problem, not a mailman problem. but if it has become a permanent feature of iOS, and if lots of mailman administrators use iOS, does it become a mailman problem?

And have you asked Apple about it?

As far as providing "relief" in Mailman in the form of persistent
cookies, I'm not inclined to do that in Mailman 2.1 because of the
potential CSRF implications. The login/security model for Mailman
3/Postorius is different, so this may or may not be an issue there.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list