[Mailman-Users] force re-authentication in web UI

Devin Reade gdr at gno.org
Fri Apr 10 17:44:13 CEST 2015

In the case where a list owner or moderator password has been 
compromised, or when performing a change of owner/moderator, 
one should obviously change the related passwords.  However,
if a former owner/moderator (or the person who stole the password)
still has their browser open, their cookie is still valid
and they can continue to access and change the list.

I've been perusing the various docs to see if there is a method
to purge state such that web UI users are required to re-authenticate
(either globally or on a per-list basis), but cannot find anything.
Simply restarting apache isn't sufficient (determined emperically).

Does this feature exist?  If so, any pointers are appreciated.

Running mailman-2.1.16 with httpd-2.2.15.


More information about the Mailman-Users mailing list