TECH: Caution: Login data in Listserv URLs!
|From:||Henrik Theiling <theiling@...>|
|Date:||Monday, July 11, 2005, 13:01|
Jeffrey Jones <jsjonesmiami@...> writes:
Caution: the new interface encodes login data in the URL, namely the
session ID and the login name, so you will probably want to edit the
URL before posting it by deleting the X=... and the Y=... values!
The session key expires after a while, of course, but when posting, it
is probably valid for an hour or so. The URLs log in even if the
login cookie is missing! This is very dangerous design in the new