On Fri, Apr 06, 2007 at 03:38:07PM -0400, The Editor wrote:
> On 4/6/07, Tony C. <[EMAIL PROTECTED]> wrote:
> > However, whenever I set attributes (i.e. I go to URL?action=attr, enter
> > something in one of the fields, and click on the Save button), I get
> > logged out.
>
> It's a design feature (I don't like it either) but it's purpose I
> guess is so you can test the new settings to make sure they work : )
It's a design feature to avoid surprise/confusion for newbie
administrators.
Before this feature was implemented, what would happen is that
someone would log in (e.g., as the site administrator), use
?action=attr on a page, and then assume/report that passwords
weren't working because they weren't subsequently prompted
for a password on the page (because they were already logged in
as administrator).
So, to avoid the frequent reports of "?action=attr isn't
setting a password", PmWiki's default is to clear the session
whenever a password attribute is modified. This has helped
immensely to avoid confusion.
Dan reports correctly that it can be disabled -- this is done
with
$EnablePostAttrClearSession = 0;
(See http://www.pmiki.org/wiki/PmWiki/SecurityVariables .)
Hope this helps!
Pm
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
