[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Minor secuity concern
- Subject: Minor secuity concern
- From: "Chris Travers" <..hidden..>
- Date: Mon, 18 Sep 2006 21:16:25 -0700
This issue may not be something that can be fixed immediately, nor is
it extremely severe. It just limits the utility of session timeouts.
The browser stores the username and password in the cache, and when
you click the "refresh" button, will resubmit these. This will
re-initialize the session without the user having to enter the
username or password. Of course this requires access to the computer
running the browser, but it is worth noting.