GNU Mailman

Cannot log out when ALLOW_SITE_ADMIN_COOKIES set

Bug #266309 reported by Yeshua
2
Affects Status Importance Assigned to Milestone
GNU Mailman
New
Medium
Unassigned
GNU Mailman 2.1-stable

Bug Description

If ALLOW_SITE_ADMIN_COOKIES is set and you log in using
the site-wide administrative password, then logging out
silently fails. It sends you to the "Logged out,
please log in again screen" without actually logging
you out.

Any password entered at this screen, whether or not it
is valid, will let you "log in" again.

[http://sourceforge.net/tracker/index.php?func=detail&aid=1428413&group_id=103&atid=100103]

Tags: web-cgi
Revision history for this message
Wolf G. Eggers (ge-mm) wrote :

The following patch worked for me:

+++ Mailman/Cgi/admin.py 2009-09-30 12:06:16.000000000 +0200
@@ -107,6 +107,8 @@ def main():
     # Is this a log-out request?
     if category == 'logout':
         print mlist.ZapCookie(mm_cfg.AuthListAdmin)
+ if mm_cfg.ALLOW_SITE_ADMIN_COOKIES:
+ print mlist.ZapCookie(mm_cfg.AuthSiteAdmin)
         Auth.loginpage(mlist, 'admin', frontpage=1)
         return

It removes the (global) site-admin cookie if the "logout" button is clicked in the admin interface of any list.
Gero

Revision history for this message
Wolf G. Eggers (ge-mm) wrote :

Oops, launchpad changed indentation and your python won't like that. ;-)

Since I just started using launchpad (and don't know how to mark code in comments yet), please go to
 http://ge.spline.de/mm/downloads/patch-site_admin_cookies-logout.patch

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.