Logout doesn't work?


#1

Hello everyone,

I’ve just installed 1.0.4 and I’m not sure if the following is
the intended behaviour: everytime I click on logout, be it on
admin-webrt.cgi or webrt.cgi, then click on login again, I’m able
to get in without typing any password.

The very first time I’ve logged in, I had the button “Send
authentication info to all scripts on this server.” checked.

I’d like to know if it’s a bug (in the cookie management
perhaps?) or just a misconfiguration issue.

I’d appreciate any info.

Mike

#2

That really doesn’t sound right. Can you turn on “notify me of cookies” and
start from a freshly loaded browser and tell us what it sets for cookies?On Tue, Aug 22, 2000 at 04:03:10AM +0800, Michael J. Maravillo wrote:

Hello everyone,

I’ve just installed 1.0.4 and I’m not sure if the following is
the intended behaviour: everytime I click on logout, be it on
admin-webrt.cgi or webrt.cgi, then click on login again, I’m able
to get in without typing any password.

The very first time I’ve logged in, I had the button “Send
authentication info to all scripts on this server.” checked.

I’d like to know if it’s a bug (in the cookie management
perhaps?) or just a misconfiguration issue.

I’d appreciate any info.

Mike


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

jesse reed vincent — root@eruditorum.orgjesse@fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
. . . when not in doubt, get in doubt. – Old Discordian Proveb


#3

Hello Jesse,

This was tested on both Netscape 4.75 and lynx 2.8.3. All cookie
transfers are the same with either the “Send authentication info
to all scripts on this server.” option enable or not.

The problem still is, when I login with the option enabled… do
some queue transactions… then logout, I can login over and over
again even if I issue an invalid username/password pair. I had
to exit all occurences of the browser to work around the problem.

I’m just wondering if I’m the only one experiencing this?

TIA,
Mike

Enter RT site:
http://www.domain.com/rt/webrt.cgi
Cookies:
RT_USERNAME=

Enter username/password, click login:
http://www.domain.com/rt/webrt.cgi?
Cookies:
RT_PASSWORD=xxxyyyzzzaaabbbccc
RT_USERNAME=mike.maravillo

Click logout:
http://www.q-linux.com/rt/webrt.cgi?display=Logout
Cookies:
RT_PASSWORD=
RT_USERNAME=On Mon, Aug 21, 2000 at 04:16:21PM -0400, Jesse wrote:

That really doesn’t sound right. Can you turn on “notify me of cookies” and
start from a freshly loaded browser and tell us what it sets for cookies?

On Tue, Aug 22, 2000 at 04:03:10AM +0800, Michael J. Maravillo wrote:

I’ve just installed 1.0.4 and I’m not sure if the following is
the intended behaviour: everytime I click on logout, be it on
admin-webrt.cgi or webrt.cgi, then click on login again, I’m able
to get in without typing any password.

The very first time I’ve logged in, I had the button “Send
authentication info to all scripts on this server.” checked.

I’d like to know if it’s a bug (in the cookie management
perhaps?) or just a misconfiguration issue.

.–. Michael J. Maravillo office://+63.2.894.3592/
( () ) Q Linux Solutions, Inc. http://www.q-linux.com/
`–\ Open Source Consultancy / Support / Training / Software Dev’t.


#4

Huh. I’ve not run into something like that in recent memory. Is anyone
else seeing it?

    -JOn Tue, Aug 22, 2000 at 03:02:35PM +0800, Michael J. Maravillo wrote:

Hello Jesse,

This was tested on both Netscape 4.75 and lynx 2.8.3. All cookie
transfers are the same with either the “Send authentication info
to all scripts on this server.” option enable or not.

The problem still is, when I login with the option enabled… do
some queue transactions… then logout, I can login over and over
again even if I issue an invalid username/password pair. I had
to exit all occurences of the browser to work around the problem.

I’m just wondering if I’m the only one experiencing this?

TIA,
Mike

Enter RT site:
http://www.domain.com/rt/webrt.cgi
Cookies:
RT_USERNAME=

Enter username/password, click login:
http://www.domain.com/rt/webrt.cgi?
Cookies:
RT_PASSWORD=xxxyyyzzzaaabbbccc
RT_USERNAME=mike.maravillo

Click logout:
http://www.q-linux.com/rt/webrt.cgi?display=Logout
Cookies:
RT_PASSWORD=
RT_USERNAME=

On Mon, Aug 21, 2000 at 04:16:21PM -0400, Jesse wrote:

That really doesn’t sound right. Can you turn on “notify me of cookies” and
start from a freshly loaded browser and tell us what it sets for cookies?

On Tue, Aug 22, 2000 at 04:03:10AM +0800, Michael J. Maravillo wrote:

I’ve just installed 1.0.4 and I’m not sure if the following is
the intended behaviour: everytime I click on logout, be it on
admin-webrt.cgi or webrt.cgi, then click on login again, I’m able
to get in without typing any password.

The very first time I’ve logged in, I had the button “Send
authentication info to all scripts on this server.” checked.

I’d like to know if it’s a bug (in the cookie management
perhaps?) or just a misconfiguration issue.


.–. Michael J. Maravillo office://+63.2.894.3592/
( () ) Q Linux Solutions, Inc. http://www.q-linux.com/
`–\ Open Source Consultancy / Support / Training / Software Dev’t.

jesse reed vincent — root@eruditorum.orgjesse@fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
And I’m told we do share some common rituals. Our “flame war” is apparently
held in person in their land and called “project meeting”.
-Alan Cox [on “Suits”]


#5

Hmm… I know there’s the IE problem with logging IN… but never heard that.
Have tested it on netscape-navigator 4.72 for freebsd, and netscape-navigator
4.72 for linux, (running under freebsd) and could not reproduce.

-Feargal.

Feargal Reilly,
Systems Administrator,
The CIA.
+353-86-8157621