2 thoughts:

1) I'm pretty sure that you're right -- SecurePage doesn't handle POST properly. It needs to encode the posted variables into hidden fields in the login form, but it doesn't. Patches welcome.

2) If you use your browser's BACK button to go back to the login form, then re-post the user name and password, it will always fail to log you in. This is by design. A unique random ID (I think it's called "loginid") is generated in a hidden variable in the login form and also saved in the session, then it is only allowed to be used once after which it is erased from the session. I put this in for security reasons, so somebody couldn't log out, then have some nefarious individual go up to their machine and use the BACK button to go back to the login page, re-POST it, and therefore get logged back in without having to know the user name and password.

Maybe step 2 above is unnecessary paranoia -- any thoughts?

- Geoff

> -----Original Message-----
> From: Steve Freitas [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 12, 2002 3:17 AM
> To: Webware Discuss
> Subject: [Webware-discuss] Re: Session glitches with actions under SecurePage?
>
> Just a quick followup. I noticed it did it again, this time when an
> exception was thrown inside a try-catch block in Page 2.
>
> If it matters, the exception was smtplib.SMTPRecipientsRefused.
>
> So instead of logging in, I hit the Back button, which brought me back to
> Page 1. Then I hit Reload, and it demanded a login.
>
> So, at the very least, something about exceptions is invalidating my
> session, I believe. In fact, I remember increased frequency of this behavior
> when I was writing exception handling for code using the MySQLdb module.
>
> Steve
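
The one-time login ID described in point 2, as an added example that is not SecurePage's or Webware's own code. The session is modelled as a plain dict, and the function names, the `authenticated_user` key and the sample account are assumptions made for illustration.

```python
import hmac
import secrets

LOGINID_KEY = "loginid"  # key name taken from the post; the real name may differ

def render_login_form(session):
    """Issue a fresh random ID, save it in the session, embed it in the form."""
    loginid = secrets.token_urlsafe(32)  # URL-safe alphabet, needs no HTML escaping
    session[LOGINID_KEY] = loginid
    return (
        '<form method="post">'
        f'<input type="hidden" name="loginid" value="{loginid}">'
        '<input name="username"><input type="password" name="password">'
        '</form>'
    )

def handle_login(session, fields, check_password):
    """Accept a login POST only if it carries the unused ID held in the session."""
    # pop() erases the ID on every attempt, so each rendered form works at most once.
    expected = session.pop(LOGINID_KEY, None)
    posted = fields.get("loginid", "")
    if expected is None:
        return False  # ID already consumed, or the form was never served
    if not hmac.compare_digest(expected.encode(), posted.encode()):
        return False  # constant-time comparison of the two IDs
    if not check_password(fields.get("username", ""), fields.get("password", "")):
        return False
    session["authenticated_user"] = fields["username"]
    return True

def demo():
    """Log in, log out, then re-POST the same form as the BACK button would."""
    users = {"alice": "constructed-password"}  # constructed sample account
    def check(user, password):
        return user in users and hmac.compare_digest(
            users[user].encode(), password.encode())
    session = {}
    render_login_form(session)
    posted = {"loginid": session[LOGINID_KEY], "username": "alice",
              "password": "constructed-password"}
    first = handle_login(session, posted, check)    # fresh ID: accepted
    session.pop("authenticated_user", None)         # user logs out
    replay = handle_login(session, posted, check)   # same POST again: rejected
    return first, replay

if __name__ == "__main__":
    print(demo())
```

Because the ID is erased on every attempt, a failed password also forces the form to be re-rendered before the next try.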
