[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Jonathan Druart changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=22542 -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Liz Reachanged: What|Removed |Added Status|Pushed to Master|Pushed to Stable --- Comment #41 from Liz Rea --- Pushed to 3.18.13, and released. -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #40 from Galen Charlton--- (In reply to Frédéric Demians from comment #39) > This patch has been pushed to 3.20.x, will be in 3.20.7. Thanks! -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Katrin Fischerchanged: What|Removed |Added CC||frede...@tamil.fr, ||l...@catalyst.net.nz -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Galen Charltonchanged: What|Removed |Added CC||gmcha...@gmail.com --- Comment #36 from Galen Charlton --- Noting/requesting that as this patch fixes a patron privacy bug, it would be good it for it to be backported. It cherry-picks cleanly onto 3.20.x and with only a minor merge conflict onto 3.18.x. -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #37 from Frédéric Demians--- (In reply to Galen Charlton from comment #36) > Noting/requesting that as this patch fixes a patron privacy bug, it would be > good it for it to be backported. It cherry-picks cleanly onto 3.20.x and > with only a minor merge conflict onto 3.18.x. What is the right process for this? Do I have to wait that 3.22 RMaint pushes this patch to its branch for pushing it to 3.20, or do I have to pick it up directly from master? -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #38 from Katrin Fischer--- Hi Frederic, these patches are already in 3.22. -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #39 from Frédéric Demians--- This patch has been pushed to 3.20.x, will be in 3.20.7. -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after logout
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Katrin Fischerchanged: What|Removed |Added Summary|Back-button in OPAC shows |Back-button in OPAC shows |previous user's details,|previous user's details, |after LOGOUT|after logout -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #35 from Chris Cormack--- (In reply to Jonathan Druart from comment #34) > (In reply to Chris Cormack from comment #33) > > I agree with Marc that we need to also waen the users to close the browser, > > as I can confirm that this fix doesn't work for Firefox > > What version are you using? It is now ok in the latest version, I am running firefox developer edition, 43.0a2 -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #34 from Jonathan Druart--- (In reply to Chris Cormack from comment #33) > I agree with Marc that we need to also waen the users to close the browser, > as I can confirm that this fix doesn't work for Firefox What version are you using? -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 David Cookchanged: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Kyle M Hallchanged: What|Removed |Added CC||kyle.m.h...@gmail.com --- Comment #30 from Kyle M Hall --- (In reply to Katrin Fischer from comment #29) > I tested a few times - maybe it's a firefox thing? I was using Firefox in > Ubuntu. It was described as a privacy measure to not request pages not > cached automatically again. I also was testing this patch using Chrome and Firefox on OS X. My experience is that some pages would give the "cache miss" error in both browsers and some would just redirect to the login screen. -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #31 from Marc Véron--- (In reply to Kyle M Hall from comment #30) > (In reply to Katrin Fischer from comment #29) > > I tested a few times - maybe it's a firefox thing? I was using Firefox in > > Ubuntu. It was described as a privacy measure to not request pages not > > cached automatically again. > > I also was testing this patch using Chrome and Firefox on OS X. My > experience is that some pages would give the "cache miss" error in both > browsers and some would just redirect to the login screen. I think that happens if the page where you crawl back to is a page that was the result of a (log-in)form. See first point on comment #19 To reproduce (Firefox 40.1 Win / Chrome 45.0.2454.101 m / ): - Close all browser windows to have a clear base line - Open OPAC main page - Log in as user with the login form at the right on the main page - You are now on opac-user.pl - Go to 'your fines' - Log out - You are redirected to the main page - Hit back button - You are now on opac-account.pl, it displays the login form - Hit back button again - In browser address field you have .../cgi-bin/koha/opac-user.pl and the browser displays a message "Document expired... Try again" - Hit "ry again" - Brower displays a pop-up, something like "Send data again..." with buttons 'Send again' / 'Cancel' - Hit 'Send again' Result: - Firefox: ...you are logged in with user AAA and can browse to other pages - Chrome: the message on .../cgi-bin/koha/opac-user.pl says something like "Confirm sendign data again" and the string ERR_CACHE_MISS - IE: the message on .../cgi-bin/koha/opac-user.pl says something like 'Webite expired... local copy no longer valid... Fazit: The patches are fine to fix things for Chrome and IE (at least the version I tested), but with FF 40.1 I was able to get back again to a page with a valid login. Since the browsers behave differently (maybe additionally depending on individual browser settings), I would like to repeat my proposition from comment #11 (in addition to the patches): After a logout, display a message similar to the following: "Logout privacy warning: Please close this browser window if other persons have access to this computer." -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #33 from Chris Cormack--- I agree with Marc that we need to also waen the users to close the browser, as I can confirm that this fix doesn't work for Firefox -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Tomás Cohen Arazichanged: What|Removed |Added Status|Passed QA |Pushed to Master CC||tomasco...@gmail.com --- Comment #32 from Tomás Cohen Arazi --- Patches pushed to master. Thanks Jonathan! -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #28 from Jonathan Druart--- (In reply to Katrin Fischer from comment #27) > Fixes a long existing security and privacy problem, but also changes > behaviour a bit: when you are logged in and you try to use the back button, > you will see a warning, that the browser won't automatically request the > page again. I don't remember I got a warning. -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #29 from Katrin Fischer--- I tested a few times - maybe it's a firefox thing? I was using Firefox in Ubuntu. It was described as a privacy measure to not request pages not cached automatically again. -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #21 from Jonathan Druart--- Created attachment 43002 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43002=edit Bug 5371: (follow-up) Force no caching for private pages at the OPAC Same as previous patch for opac-messaging.pl and opac-readingrecord.pl -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #23 from Marc Véron--- Created attachment 43004 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43004=edit [Signed-off] Bug 5371: Force no caching for private pages at the OPAC In order no to slow too much the browsing, it is certainly not a good idea to add this cache-control value for all pages at the OPAC. This patch just adds where the author found it could be useful. Test plan: 1/ Login at the OPAC 2/ Go on the account page (opac/opac-account.pl) 3/ Click log out 4/ Use the back button of your browser Without this patch you will see the previous page. With this patch, the previous page will be reloaded and you will be redirected to the login form. Signed-off-by: Marc Véron -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #24 from Marc Véron--- Created attachment 43005 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43005=edit [Signed-off] Bug 5371: (follow-up) Force no caching for private pages at the OPAC Same as previous patch for opac-messaging.pl and opac-readingrecord.pl Signed-off-by: Marc Véron -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Marc Véronchanged: What|Removed |Added Attachment #42911|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Marc Véronchanged: What|Removed |Added Attachment #43002|0 |1 is obsolete|| -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Marc Véronchanged: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #22 from Jonathan Druart--- Marc, Thanks for testing. I have added the trick on the messaging and circulation history page. I have not changed the lists/shelves page, the module and script are going to be rewritten on another bug (bug 14544) and I don't want to introduce conflicts. I am not sure we should add the no-store value for the cache policy on other pages. -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Katrin Fischerchanged: What|Removed |Added CC||katrin.fisc...@bsz-bw.de Attachment #4761|0 |1 is obsolete|| -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #26 from Katrin Fischer--- Created attachment 43037 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43037=edit [PASSED QA] Bug 5371: (follow-up) Force no caching for private pages at the OPAC Same as previous patch for opac-messaging.pl and opac-readingrecord.pl Signed-off-by: Marc Véron Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #27 from Katrin Fischer--- Fixes a long existing security and privacy problem, but also changes behaviour a bit: when you are logged in and you try to use the back button, you will see a warning, that the browser won't automatically request the page again. -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Katrin Fischerchanged: What|Removed |Added Patch complexity|--- |Small patch Status|Signed Off |Passed QA -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Katrin Fischerchanged: What|Removed |Added Attachment #43004|0 |1 is obsolete|| Attachment #43005|0 |1 is obsolete|| --- Comment #25 from Katrin Fischer --- Created attachment 43036 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43036=edit [PASSED QA] Bug 5371: Force no caching for private pages at the OPAC In order no to slow too much the browsing, it is certainly not a good idea to add this cache-control value for all pages at the OPAC. This patch just adds where the author found it could be useful. Test plan: 1/ Login at the OPAC 2/ Go on the account page (opac/opac-account.pl) 3/ Click log out 4/ Use the back button of your browser Without this patch you will see the previous page. With this patch, the previous page will be reloaded and you will be redirected to the login form. Signed-off-by: Marc Véron Signed-off-by: Katrin Fischer -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #20 from Marc Véron--- Sorry, I saved the changes to early. Further testing: - your lists: Display after hitting "Back" - ask for a discharche: OK behalve of case explained under 'your summary' in comment #19 -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #19 from Marc Véron--- With Firefox 40.0.3 (Win), I tested all left tabs by doing the following: - Log in to OPAC - Go to a tab at the left side - Logout - Hit browser's back button Tabs tested: - your summary: OK, however if you log in from the home page, then immediately log out and then hit the back button, the browser asks says 'Document expired (...) try again'. If you do so ('Send data again'), you are logged in. You can get the same after changing to other tabs by clicking the 'Back' button until you get 'Document expired...' - your fines: OK *) - your personal details: After hitting back button, I get Home > Register a new account. I would expect a login page or the home page - your tags: After hitting back, I see the list of personal tags, patron seems to be logged in again (Name appears in Header). However if e.g. I try to delete a tag, I'm redirected to the Log in page - change your password: OK*) - your search history: 'Back' leads me back to Home > Search history with message 'Your catalog search history is empty'. I would expect a login page or the home page. - your reading history: "Back" displays the Checkout history - your privacy: OK*) - your purchase suggestion: After 'Back', patron seems to be logged in (Name in header), but the page says: "You are not authorized to see pending purchase suggestions. If I then hit the link 'New purchase suggestion' I'm redirected to the page for anonymous suggestions (patron's name disappears from header). - your messaging: After "Back", patron's messaging settings are displayed. If I change them ans submit changes, I get the log in screen *) behalve of case explained under 'your summary' -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Jonathan Druartchanged: What|Removed |Added Attachment #42648|0 |1 is obsolete|| --- Comment #17 from Jonathan Druart --- Created attachment 42911 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42911=edit Bug 5371: Force no caching for private pages at the OPAC In order no to slow too much the browsing, it is certainly not a good idea to add this cache-control value for all pages at the OPAC. This patch just adds where the author found it could be useful. Test plan: 1/ Login at the OPAC 2/ Go on the account page (opac/opac-account.pl) 3/ Click log out 4/ Use the back button of your browser Without this patch you will see the previous page. With this patch, the previous page will be reloaded and you will be redirected to the login form. -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #18 from Jonathan Druart--- (In reply to Marc Véron from comment #16) > I get a software error. > > To reproduce: > - Apply patch > - Log in to OPAC > - In left hand naigation, click on 'ask for a discharge' > Result: > > Software error: > Global symbol "$query" requires explicit package name at > /usr/share/kohaclone/opac/opac-discharge.pl line 102. Oops, sorry about that Marc. Compulsive c/p always result in an error later... -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #16 from Marc Véron--- I get a software error. To reproduce: - Apply patch - Log in to OPAC - In left hand naigation, click on 'ask for a discharge' Result: Software error: Global symbol "$query" requires explicit package name at /usr/share/kohaclone/opac/opac-discharge.pl line 102. -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #14 from Jonathan Druart--- Created attachment 42648 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=42648=edit Bug 5371: Force no caching for private pages at the OPAC In order no to slow too much the browsing, it is certainly not a good idea to add this cache-control value for all pages at the OPAC. This patch just adds where the author found it could be useful. Test plan: 1/ Login at the OPAC 2/ Go on the account page (opac/opac-account.pl) 3/ Click log out 4/ Use the back button of your browser Without this patch you will see the previous page. With this patch, the previous page will be reloaded and you will be redirected to the login form. -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Jonathan Druartchanged: What|Removed |Added Status|In Discussion |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Jonathan Druartchanged: What|Removed |Added Assignee|gmcha...@gmail.com |jonathan.dru...@bugs.koha-c ||ommunity.org --- Comment #15 from Jonathan Druart --- (In reply to Jonathan Druart from comment #13) > I have tried to set force_no_caching to output_html_with_http_headers, but I > always get a "Document Expired" message from my browser (iceweasel), which > is not really kind for users. Hum, it seems I haven't tested correctly yesterday, it works quite well :) -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Jonathan Druartchanged: What|Removed |Added CC||jonathan.dru...@bugs.koha-c ||ommunity.org --- Comment #13 from Jonathan Druart --- I have tried to set force_no_caching to output_html_with_http_headers, but I always get a "Document Expired" message from my browser (iceweasel), which is not really kind for users. -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Mason Jameschanged: What|Removed |Added Status|NEW |In Discussion --- Comment #12 from Mason James --- (In reply to Marc Véron from comment #11) > After a logout, there could be a message similar to the following: > > "Logout privacy warning: Please close this browser window if other persons > have access to this computer." Marc, this is a pretty good idea :) silly me for only considering a technical solution -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Marc Véronchanged: What|Removed |Added CC||ve...@veron.ch --- Comment #11 from Marc Véron --- After a logout, there could be a message similar to the following: "Logout privacy warning: Please close this browser window if other persons have access to this computer." -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Katrin Fischerchanged: What|Removed |Added CC||je...@bywatersolutions.com --- Comment #10 from Katrin Fischer --- *** Bug 14799 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are watching all bug changes. You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Owen Leonard oleon...@myacpl.org changed: What|Removed |Added CC||k...@bywatersolutions.com --- Comment #9 from Owen Leonard oleon...@myacpl.org --- *** Bug 13694 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 Mason James m...@kohaaloha.com changed: What|Removed |Added Version|rel_3_2 |master --- Comment #8 from Mason James m...@kohaaloha.com 2011-09-22 08:26:03 UTC --- (In reply to comment #2) patch applied to tag 'v3.02.00' this patch has only been tested in firefox so far, and requires a firefox config-change. edit firefox's 'user.js' file and add this line to it user_pref(dom.allow_scripts_to_close_windows, true); FYI: according to the web-security forums, this is the best/only way to get around this problem an update on this bug... ive come to a situation that i cant find a solution for the patch works *perfectly* for browsers with the 'user_pref(dom.allow_scripts_to_close_windows)' pref set to 'TRUE' so, the good news is library-staff can force this setting on their OPAC's browser, and this patch will work great! the bad news is ... this patch works horribly for browsers with the pref set to 'FALSE' (which is default) and *fails* logging out a person :/ the obvious solution here is to test whether a browser has the 'dom.allow_scripts_to_close_windows' value set to TRUE then execute this js code, or not... sounds easy?, nope... i cant work out a technique to get the 'dom.allow_scripts_to_close_windows' value from a browser (my hunch is that it's probably deliberately impossible to determine that info) so, the original security/privacy issue still remains in MASTER - but this patch is broken -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 M. James m...@kohaaloha.com changed: What|Removed |Added Attachment #2733|0 |1 is obsolete|| --- Comment #6 from M. James m...@kohaaloha.com 2011-07-27 22:33:28 UTC --- Created attachment 4761 -- http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=4761 new patch -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 5371] Back-button in OPAC shows previous user's details, after LOGOUT
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371 --- Comment #7 from Mason James m...@kohaaloha.com 2011-07-27 22:35:54 UTC --- (In reply to comment #6) Created attachment 4761 [details] new patch oops, wrong bug :) - ignore this patch for bug 6636 -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the QA Contact for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/