Bug#317925: sql-ledger: Logout does not properly terminate a session
On Mon, Jul 18, 2005 at 12:44:24AM +0200, Petter Reinholdtsen wrote:
> What do you mean? Can one continue to work in sql-ledger after
> logging out? Your description led me to think that you expected the
> browser's cached pages to disappear at log out time. What did you
> expect would happen when you logged out? How could sql-ledger be
> changed to make it happen?

Hi Petter,

I was trying to say that I can continue to work in sql-ledger after logging out. I'm not sure why I was seeing this behavior on my installation. Currently my version is functioning as expected so you can close this ticket. I'll try to track it down further if I can reproduce this behavior.

Thanks,
William

--
Knowmad Services Inc.
http://www.knowmad.com

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#317925: sql-ledger: Logout does not properly terminate a session
[William McKee]
> However, the session is still active which means anyone else may
> walk up to the system and use the History or the Back button of the
> browser to access all account information for the previously logged
> in user.

What do you mean? Can one continue to work in sql-ledger after logging out? Your description led me to think that you expected the browser's cached pages to disappear at log out time. What did you expect would happen when you logged out? How could sql-ledger be changed to make it happen?

Bug#317925: sql-ledger: Logout does not properly terminate a session
Package: sql-ledger
Version: 2.4.7-2
Severity: grave
Justification: user security hole

Using the Logout option on the menu takes the user back to the login screen. However, the session is still active which means anyone else may walk up to the system and use the History or the Back button of the browser to access all account information for the previously logged in user. This is not a big deal within a small intranet but poses a security risk on an internet-accessible server.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages sql-ledger depends on:
ii  apache2-mpm-prefork [httpd]  2.0.54-4  traditional model for Apache2
ii  libdbd-pg-perl               1.41-3    a PostgreSQL interface for Perl 5
ii  perl                         5.8.4-8   Larry Wall's Practical Extraction
ii  perl-dummy [perl]            1.0       Custom compiled Perl 5.8.2. This d

-- no debconf information
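
The thread separates two questions: whether the server still accepts the old session after Logout, and whether the browser simply re-displays cached pages. The model below is an added illustration, not sql-ledger code and not written by any participant in this thread; the session table, the function names and the user "alice" are constructed assumptions.

```python
"""Constructed model (not sql-ledger code) of logout vs. Back-button replay."""
import secrets

SESSIONS = {}  # assumed server-side session table: token -> username

# Headers that tell the browser not to keep a copy of authenticated pages.
NO_CACHE = {"Cache-Control": "no-store", "Pragma": "no-cache"}


def login(user):
    """Issue a fresh random token and record it server-side."""
    token = secrets.token_hex(16)
    SESSIONS[token] = user
    return token


def logout_redirect_only(token):
    """Weak logout: shows the login screen but leaves the session record."""
    return 302, {"Location": "/login"}


def logout_invalidate(token):
    """Proper logout: delete the server-side record, then redirect."""
    SESSIONS.pop(token, None)
    return 302, {"Location": "/login", **NO_CACHE}


def account_page(token):
    """Authenticated page: each request re-checks the token server-side."""
    user = SESSIONS.get(token)
    if user is None:
        return 302, {"Location": "/login"}, ""
    return 200, dict(NO_CACHE), f"accounts for {user}"


def replay_after_logout(logout):
    """Model History/Back re-requesting a page with the pre-logout token."""
    token = login("alice")  # constructed sample user
    logout(token)
    status, _headers, _body = account_page(token)
    return status


if __name__ == "__main__":
    print("redirect-only logout ->", replay_after_logout(logout_redirect_only))
    print("invalidating logout  ->", replay_after_logout(logout_invalidate))
```

A 200 on replay means the session itself survived logout, which is the behaviour the report describes; a redirect on replay with a page still visible in the browser points at cached pages, which the `no-store` header addresses.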