 Posted: Mon Oct 26, 2009 9:58 pm Post subject: |
|
| This is fixed now, please let me know if you notice any further issue. | |
| Posted: Mon Oct 26, 2009 6:58 pm Post subject: |
|
| I remember when I brought the attention to this matter some time ago (when session id is included in the link). Mario said he'll fixed it, but I did not really tested it after that.
It may be just an offline cached data.. In any case, it should not be happening anyway so I guess it was not fixed completely. Sessions must completely expiry after "logout". |
|
| Posted: Mon Oct 26, 2009 6:04 pm Post subject: |
|
| Thanks,
Yes, I also just tried your test, you are correct, in Firefox, if I push the 'Logout' button and then use the browsers' Back button the session is still active... I'm sure Mario will look into it. |
|
| Posted: Mon Oct 26, 2009 5:58 pm Post subject: Firefox tool cleared the cookies. Login is needed again |
|
| Yes, clearing the cookies worked. Actually Firefox had several checkboxes and it cleared both cookies and "authenticated sessions". That restored security immediately, so I'll keep doing it that way until whenever the Logout button does it all by itself.
Thanks for the encouragement. Gixen is great! |
|
| Posted: Mon Oct 26, 2009 5:47 pm Post subject: |
|
| I agree that sounds like a problem. I think pushing the 'Logout' button should prevent all future use of your current session on the server side, but it sounds like it is not.
The session is stored in a cookie, so deleting them should work as a work around for the time being. |
|
| Posted: Mon Oct 26, 2009 5:39 pm Post subject: Need persistent logoff from Gixen |
|
| Is there a better way to logoff than I'm using?
I am new to Gixen and sniping, but very enthusiastic now. After showing some young computer users how sniping works, I logged off and my account appeared to be hidden. However, we soon noticed that jumping backward several pages in the Firefox recent-page list brought my account back into play, and no matter how many times I click the LogOut button (or even restart Firefox), putting that particular text (gixen.com/home_2.php?username=...) into the address gives access to add/delete/edit bids under my responsibility. No re-entry of my Ebay password is requested or needed by Gixen even after logoff. Before I trust these kids with that kind of access to my Ebay account, I may have to disable this computer. First though, I'll try a few other things like removing all cookies & rebooting. |
|