Are you using Firefox ? Then this bug might be of interest: https://bugzilla.mozilla.org/show_bug.cgi?id=443354#c48
Am 01.03.2013 um 14:53 schrieb "Ohsie, David" <[email protected]>: > So I guess the next natural questions, based on the observations posted here > are as follows: > > 1) If you close your browser and then reopen it, is the MoodleSession cookie > still there, even though it is marked as "Expires: End of Session". > > 2) What browser and version is that? > > If the browser is going to hold on to session cookies even when it is closed, > then I'm not sure what you can do… > > David Ohsie > Software Architect > EMC Corporation > > > From: Danny Sinang [mailto:[email protected]] > Sent: Friday, March 01, 2013 6:26 AM > To: [email protected] > Subject: Re: [cas-user] Public computer login and CAS > > Hi David, > > No, I don't have "Remember Me" turned on. > > As for the cache control headers, I clicked on "View Page Info" while on my > secure page (in Firefox) and this is what I saw : > > <image002.jpg> > > For the session cookie, here's what I saw : > <image004.jpg> > > Regards, > Danny > > On Thu, Feb 28, 2013 at 2:08 PM, Ohsie, David <[email protected]> wrote: > Do you have "Remember Me" turned on? > > If not, it is possible that either the session cookies from your site are > persistent (with an an explicit Expires/MaxAge) or else the cache control > headers are allowing some pages to remain withing the browser cache. > > From: Danny Sinang [mailto:[email protected]] > Sent: Thursday, February 28, 2013 12:55 PM > To: [email protected] > Subject: [cas-user] Public computer login and CAS > > Hi, > > I noticed that closing and reopening my browser allows me to access protected > webpages on my CASified site. > > This could be a problem if I logged in from a public computer (internet cafe, > etc). > > Is there a way to secure against this ? > > Regards, > Danny > -- > You are currently subscribed to [email protected] as: > [email protected] > > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
