Security question

[kissybissy]

When we access the control pannel of the board the url to it is kept in the browser and it allows you to gain access to the administrative section even after the administrator is logged out. Was something done with this new version to make the link expire so if someone uses the computer they cannot get into the administrative section of the board by clicking on the link that's in the browser historic?

[Amy T]

It expires for me.
I have left the admin window open for a few hours and when I clicked on a link while in it I was redirected back to the log on page.

[.KX]

It depends what you have for all the session settings etc.

[kissybissy]

it's related then to the time you set for a login session to expire. in my opinion the administrative control pannel link should expire in the moment the administrator logs out.

[Dlf]

Session expires after two hours of no use [or something like that].

[Mark]

There is now a log out link in the acp, if you click it, logging out, then try to access the ACP using the session ID from before you logged out, you get an error

[kissybissy]

it's good to know. it avoids someone to hijack our session and crack our forum.

[bfarber]

Firstly, unless you modify IPB, the ACP session is tied to your IP address. So no one can hijack it, unless they have the same IP address.

Secondly, it auto-disables the session after 15 minutes of inactivity.

And thirdly, yes, there is now a manual log out link which I would recommend clicking on if clearing the session is a top concern. :)