Cannot log out when ALLOW_SITE_ADMIN_COOKIES set
Bug #266309 reported by
Yeshua
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
New
|
Medium
|
Unassigned |
Bug Description
If ALLOW_SITE_
the site-wide administrative password, then logging out
silently fails. It sends you to the "Logged out,
please log in again screen" without actually logging
you out.
Any password entered at this screen, whether or not it
is valid, will let you "log in" again.
[http://
To post a comment you must log in.
The following patch worked for me:
+++ Mailman/ Cgi/admin. py 2009-09-30 12:06:16.000000000 +0200 (mm_cfg. AuthListAdmin) ALLOW_SITE_ ADMIN_COOKIES: (mm_cfg. AuthSiteAdmin)
Auth. loginpage( mlist, 'admin', frontpage=1)
@@ -107,6 +107,8 @@ def main():
# Is this a log-out request?
if category == 'logout':
print mlist.ZapCookie
+ if mm_cfg.
+ print mlist.ZapCookie
return
It removes the (global) site-admin cookie if the "logout" button is clicked in the admin interface of any list.
Gero