Comment 2 for bug 370019

Paul Everitt (paul-agendaless) wrote :

Anthony and I discussed it this morning and I was able to recreate it. When you paste the URL, you are able to get to that item in a community. However, you will never be able to get somewhere else: clicking any links, editing the URL, or even hitting reload will (correctly) give Forbidden.

My guess is that we have some lag in our algorithm for storing login tickets as secure cookies. This would mean that our "leakage" would be restricted to:

1) One user.

2) On one computer.

3) In one browser.

4) Switching between user accounts.

5) For only one HTTP request.

6) Done by pasting a URL.

7) Without closing their browser in between.

This is a very narrow scenario. Moreover, while it is a "leakage" between 2 KARL "users", they almost always will be the same human user.

Thus, my recommendation is that we look at this, but not ahead of other issues.
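The one-request window described in the comment can be modelled as a login ticket whose revocation is applied one request late. The following is an added illustration, not KARL's code and not the project's actual ticket algorithm: `LaggyTicketStore`, `PromptTicketStore`, `simulate` and the "alice"/"bob" accounts are all constructed for this example. It contrasts a store that processes revocations after authorizing the current request with one that revokes immediately, which is the check a reviewer would want before lowering the issue's priority.

```python
"""Toy model of login-ticket handling to illustrate a one-request stale window.

Constructed example: the "lag" mechanism here is an assumed model of the
reported behaviour, not KARL's implementation.
"""
import secrets


class LaggyTicketStore:
    """Hypothetical buggy store: revocations take effect one request late."""

    def __init__(self):
        self.tickets = {}          # ticket -> username
        self.pending_revoke = set()

    def login(self, user):
        ticket = secrets.token_hex(16)
        self.tickets[ticket] = user
        return ticket

    def logout(self, ticket):
        # Revocation is only queued; it is applied on the next request.
        self.pending_revoke.add(ticket)

    def authorize(self, ticket):
        user = self.tickets.get(ticket)       # stale ticket still resolves
        for t in self.pending_revoke:         # lag: applied after the check
            self.tickets.pop(t, None)
        self.pending_revoke.clear()
        return user


class PromptTicketStore(LaggyTicketStore):
    """Corrected model: the ticket is removed at logout, before any request."""

    def logout(self, ticket):
        self.tickets.pop(ticket, None)

    def authorize(self, ticket):
        return self.tickets.get(ticket)


def simulate(store_cls):
    """Alice logs in, logs out, Bob logs in; the browser then sends Alice's
    old ticket twice (pasted URL, then reload). Returns who each request
    was authorized as, or None for Forbidden."""
    store = store_cls()
    alice_ticket = store.login("alice")
    store.logout(alice_ticket)
    store.login("bob")
    return [store.authorize(alice_ticket) for _ in range(2)]


if __name__ == "__main__":
    print("laggy :", simulate(LaggyTicketStore))    # ['alice', None]
    print("prompt:", simulate(PromptTicketStore))   # [None, None]
```

In the laggy model the first request after switching accounts is served under the previous account and every later request is Forbidden, matching the "only one HTTP request" observation; the prompt model refuses both.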