[Metalab Issues] #192: Logout in the Issue Tracker doesn't work properly
Metalab Issues
issues at lists.metalab.at
Thu Apr 25 20:29:51 CEST 2013
#192: Logout in the Issue Tracker doesn't work properly
-----------------------+--------------
Reporter: pepi | Status: new
Keywords: wiki, trac |
-----------------------+--------------
Simon Repp just discovered this odd behaviour:
Login to the Metalab Wiki.
Logout of the Metalab Wiki.
Open the Issue tracker.
Click Login.
Expected Behaviour:
You'll get asked for your login credentials since you're not logged into
the Metalab Wiki.
Actual results:
The last user that was logged into the Wiki is automatically authenticated
for the issue tracker.
This should not happen.
Regression:
Firefox in private mode. No cookies are stored, all cookies deleted,
firefox quit and reopened. Behaviour is still the same.
Security implication: Allows impersonification, maybe even unfriendly
takeover of an account.
--
Ticket URL: <https://metalab.at/issues/ticket/192>
Metalab Issues <https://metalab.at/issues>
Metalab is a Hackerspace in Vienna's first district.
More information about the issues
mailing list