View previous topic :: View next topic |
Author |
Message |
dave250 Guest
|
Posted: Mon Oct 26, 2009 5:39 pm Post subject: Need persistent logoff from Gixen |
|
|
Is there a better way to logoff than I'm using?
I am new to Gixen and sniping, but very enthusiastic now. After showing some young computer users how sniping works, I logged off and my account appeared to be hidden. However, we soon noticed that jumping backward several pages in the Firefox recent-page list brought my account back into play, and no matter how many times I click the LogOut button (or even restart Firefox), putting that particular text (gixen.com/home_2.php?username=...) into the address gives access to add/delete/edit bids under my responsibility. No re-entry of my Ebay password is requested or needed by Gixen even after logoff.
Before I trust these kids with that kind of access to my Ebay account, I may have to disable this computer. First though, I'll try a few other things like removing all cookies & rebooting. |
|
Back to top |
|
|
Cupid
Joined: 09 Aug 2007 Posts: 7599 Location: Bristol, UK
|
Posted: Mon Oct 26, 2009 5:47 pm Post subject: |
|
|
I agree that sounds like a problem. I think pushing the 'Logout' button should prevent all future use of your current session on the server side, but it sounds like it is not.
The session is stored in a cookie, so deleting them should work as a work around for the time being. _________________ Mark
Last edited by Cupid on Mon Oct 26, 2009 6:00 pm; edited 1 time in total |
|
Back to top |
|
|
dave250 Guest
|
Posted: Mon Oct 26, 2009 5:58 pm Post subject: Firefox tool cleared the cookies. Login is needed again |
|
|
Yes, clearing the cookies worked. Actually Firefox had several checkboxes and it cleared both cookies and "authenticated sessions". That restored security immediately, so I'll keep doing it that way until whenever the Logout button does it all by itself.
Thanks for the encouragement. Gixen is great! |
|
Back to top |
|
|
Cupid
Joined: 09 Aug 2007 Posts: 7599 Location: Bristol, UK
|
Posted: Mon Oct 26, 2009 6:04 pm Post subject: |
|
|
Thanks,
Yes, I also just tried your test, you are correct, in Firefox, if I push the 'Logout' button and then use the browsers' Back button the session is still active... I'm sure Mario will look into it. _________________ Mark |
|
Back to top |
|
|
Gixen Advertisements
|
Posted: Mon Oct 26, 2009 6:04 pm Post subject: |
|
|
|
|
Back to top |
|
|
nochkin Guest
|
Posted: Mon Oct 26, 2009 6:58 pm Post subject: |
|
|
I remember when I brought the attention to this matter some time ago (when session id is included in the link). Mario said he'll fixed it, but I did not really tested it after that.
It may be just an offline cached data.. In any case, it should not be happening anyway so I guess it was not fixed completely. Sessions must completely expiry after "logout". |
|
Back to top |
|
|
mario Site Admin
Joined: 03 Oct 2006 Posts: 7131
|
Posted: Mon Oct 26, 2009 9:58 pm Post subject: |
|
|
This is fixed now, please let me know if you notice any further issue. |
|
Back to top |
|
|
|