Hi Mike, Possibly I have been experimenting with users advancing to the point where they can click on the open button for a specific item but the system would then bar entry AFTER clicking the open button (had I gone further). I would have assumed that they had access to the item having gotten by stages where they would normally be presented with the login screen or authorization required prompt.... I will try to recreate the circumstances and verify what in fact has been happening.
Thanks again, Nigel -----Original Message----- From: Michael White [mailto:[EMAIL PROTECTED] Sent: Monday, May 26, 2008 11:28 AM To: Nigel Pegus Cc: dspace-tech@lists.sourceforge.net Subject: RE: Unplanned user access Hi Nigel, > my concern is that unprivileged users accessing the item > form the outside will in certain cases get access to restricted > content In my experience I don't think this can happen - even if I'm looking at a cached version of a page that seems to suggest I'm logged on when I'm not, as soon as I click to try and access protected content, the authentication/authorisation bits of DSpace kick in and start looking for a valid authentication context - as this context isn't actually there (despite what the cached version of the page is telling me), I can't get access to the protected content . . . > and see themselves logged in as a privileged user... Again, I don't *think* this can happen - as Christophe pointed out, it's not DSpace that is serving a cached version of the page, but the browser "reusing" a locally cached version - so a user will only see themselves logged on if they (or someone else) has previously logged on to the system, and then logged off again, in the same browser session . . . I've certainly not heard of anything like the scenarios you describe actually happening - the problems I hear about are usually the "other way around" - I've had numerous enquiries from our workflow staff relating to things like the "Edit" button not being visible on an item view page - these are always problems relating to a cached version of the item view page - they access an item page, then subsequently log on and go back to that page, but don't get access to the admin features (the give away is always the absence of the "Logged in as" message). Hope that helps. Mike Michael White eLearning Developer Centre for eLearning Development (CeLD) S7, The Library University of Stirling Stirling SCOTLAND FK9 4LA Email: [EMAIL PROTECTED] Tel: +44 (0) 1786 466877 Fax: +44 (0) 1786 466880 http://www.is.stir.ac.uk/celd/ -- The University of Stirling (a charity registered in Scotland, number SC 011159) is a university established in Scotland by charter at Stirling, FK9 4LA. Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not disclose, copy or deliver this message to anyone and any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech