[ic] Session timeout in AI

Grant interchange-users@icdevgroup.org
Fri Nov 22 12:12:00 2002


>> Especially if I log in just to Apply changes and then do nothing.. If I want
>> to apply changes again in 20 seconds I get an error message that I'm not
>> authorized to do this.. I need to relog in and then apply it.. then it
>> works.. just an observation:)
>
>    When you open IC in another window to test the changes you just made,
>you are probably logging in as another user, which is overwriting the IC
>cookie.
>
>
>Jeff

I've brought this up before and gotten no response, but it seems like
something that needs attention for security's sake.  When you log in to the
UI, the MV_USERNAME and MV_PASSWORD cookies are set containing the
appropriate two values and they are explicitly NOT secure.  Isn't that a bit
of a security issue?  I don't understand why those cookies are even set as
there is no autologin feature for the UI.

- Grant
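
Added example (not part of the original post and not Interchange code): a check over Set-Cookie response headers that flags the two cookies named above when they are sent without the Secure attribute. The header values are constructed samples, and the HttpOnly, persistence and password-value checks go beyond what the post mentions.

```python
# Cookie names taken from the post; everything else here is illustrative.
CREDENTIAL_COOKIES = {"MV_USERNAME", "MV_PASSWORD"}

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs

def audit(set_cookie_values):
    """Return [(cookie name, [problem codes])] for credential cookies."""
    findings = []
    for raw in set_cookie_values:
        name, cookie_value, attrs = parse_set_cookie(raw)
        if name not in CREDENTIAL_COOKIES:
            continue
        problems = []
        if "secure" not in attrs:
            problems.append("no-secure")        # also sent over plain HTTP
        if "httponly" not in attrs:
            problems.append("no-httponly")      # readable by page script
        if "expires" in attrs or "max-age" in attrs:
            problems.append("persistent")       # survives browser restart
        if name == "MV_PASSWORD" and cookie_value:
            problems.append("password-in-cookie")
        if problems:
            findings.append((name, problems))
    return findings

# Constructed sample headers, not captured from a real Interchange server.
SAMPLE_HEADERS = [
    "MV_USERNAME=admin; path=/",
    "MV_PASSWORD=example-password; path=/; expires=Fri, 29 Nov 2002 12:12:00 GMT",
    "MV_USERNAME=admin; path=/; Secure; HttpOnly",
    "theme=plain; path=/",
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_HEADERS):
        print(f"{name}: {', '.join(problems)}")
```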