> 1) I'm pretty sure that youre right -- SecurePage doesn't handle POST > properly. It needs to encode the posted variables into hidden fields in the > login form, but it doesn't. Patches welcome.
Okay, that shouldn't be too hard. I'll whip something up. > 2) If you use your browser's BACK button to go back to the login form, then > re-post the user name and password, it will always fail to log you in. This > is by design. Well, I'm not using BACK to go clear back to the login form, just to Page 1, which I'd already logged into. Does your answer still apply here? > Maybe step 2 above is unnecessary paranoia -- any thoughts? "Unnecessary paranoia?" In computer security, there is no such thing. Steve > > - Geoff > >> -----Original Message----- >> From: Steve Freitas [mailto:[EMAIL PROTECTED]] >> Sent: Wednesday, June 12, 2002 3:17 AM >> To: Webware Discuss >> Subject: [Webware-discuss] Re: Session glitches with actions under >> SecurePage? >> >> >> Just a quick followup. I noticed it did it again, this time when an >> exception was thrown inside a try-catch block in Page 2. >> >> If it matters, the exception was smtplib.SMTPRecipientsRefused. >> >> So instead of logging in, I hit the Back button, which >> brought me back to >> Page 1. Then I hit Reload, and it demanded a login. >> >> So, at the very least, something about exceptions is invalidating my >> session, I believe. In fact, I remember increased frequency >> of this behavior >> when I was writing exception handling for code using the >> MySQLdb module. >> >> Steve >> >> >> _______________________________________________________________ >> >> Sponsored by: >> ThinkGeek at http://www.ThinkGeek.com/ >> _______________________________________________ >> Webware-discuss mailing list >> [EMAIL PROTECTED] >> https://lists.sourceforge.net/lists/listinfo/webware-discuss >> > > _______________________________________________________________ > > Sponsored by: > ThinkGeek at http://www.ThinkGeek.com/ > _______________________________________________ > Webware-discuss mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/webware-discuss > _______________________________________________________________ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
