>>>>> "MS" == Mark Sapiro <m...@msapiro.net> writes:
MS> I understood that, but what else happens? What response do you get from MS> the web server when you go to the mailman/confirm/$LISTNAME/$TOKEN uri? Sorry; I thought that was clear. Replies to the confirm mail generate an invalid token reply; surfing to the token uri returns an invalid token page. MS> Do other confirmations, e.g. subscription requests, work? Yes. As I wrote, all confirmation tokens generated by active requests always work, whether change-of-email-address, subscribe or unsubscribe. A few sites over the years only supported email or only supported http, but the tokens never generated invalid errors unless they came as part of a please-reply-to-reactivate mail. In other words, tokens generated by the cgi or by sending a subscribe or unsubscribe mail work, but tokens generated by class Bouncer are always invalid. Is the cookie expiring before the mail is sent? I see the comment in Bouncer.py about trying to avoid that, but that would explain things. -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 1024D/ED7DAEA6 ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
