[Erp5-dev] Security Problem

Klaus Wölfel k.woelfel at gmx.de
Wed Sep 28 13:13:26 CEST 2005


Hello,

while working on a patch to remove the came_from attribute from the
login_form url when accessing ERP5 after being logged out I
encountered another problem that I can only reproduce irregularly:
Sometimes when I log out in another browser window and after that
access another path in ERP5, it doesn't show the login_form but lets
me view the normal view of the object I tried to access. The only
difference is that when I access a folder, it doesn't show the
contained objects, which indicates that ZSQLCatalog knows that I am
logged out.

I made sure that I have been logged out from ERP5 as well as from Zope
and I had different user names in Zope and ERP5.

The strange thing is that even when I'm doing this the same way, it
seems that this problem occurs only once in about 5 to 10 times.

Any idea anyone?

Klaus


