Only having to enter a password once per session is a feature. For
those who make lots of edits, it's essential.
The best way to protect your page when you're away from your machine
is to log out. (I think that works on the base installation. It
certainly does when there is user authentication.) Try adding "?
action=logout" to the URL of any page. That should wipe clear your
passwords. BTW, logout should happen automatically after enough time
as passed. How much time depends on the configuration.
Randy
On Jan 15, 2008, at 10:37 PM, Steven Benmosh wrote:
Seems to me that when I go to a password protected page (of course
with the password) with the ?action=attr option, and then leave the
page without changing or clearing any of the passwords on display, I
can then re-enter the page in edit mode, without having to put in
the password again.
I tried closing the tab to pmwiki, and then clear the privacy
options in firefox, but it was not until I cleared all cookies that
I was asked for the edit password again.
I assume this glitch is only on the local machine, but I leave my
browser on for days at a time, so this is not such a good thing to
happen, security wise.
Is that the expected behavior, or is it a bug? If the former, is
there something I can do, short of clearing all cookies, to turn it
off?
Thanks.
--
Check out my web site - www.words2u.net
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
