kissybissy, posted November 23, 2006:
When we access the control panel of the board, the URL to it is kept in the browser, and it allows you to gain access to the administrative section even after the administrator is logged out. Was something done with this new version to make the link expire, so that if someone uses the computer they cannot get into the administrative section of the board by clicking on the link that's in the browser history?
Amy T, posted November 24, 2006:
It expires for me. I have left the admin window open for a few hours, and when I clicked on a link while in it I was redirected back to the log on page.
.KX, posted November 24, 2006:
It depends on what you have for all the session settings, etc.
kissybissy, posted November 24, 2006:
It's related, then, to the time you set for a login session to expire. In my opinion the administrative control panel link should expire at the moment the administrator logs out.
Dlf, posted November 25, 2006:
Session expires after two hours of no use [or something like that].
Mark, posted November 25, 2006:
There is now a log out link in the ACP. If you click it, logging out, then try to access the ACP using the session ID from before you logged out, you get an error.
kissybissy, posted November 25, 2006:
It's good to know. It prevents someone from hijacking our session and cracking our forum.
bfarber, posted November 26, 2006:
Firstly, unless you modify IPB, the ACP session is tied to your IP address. So no one can hijack it, unless they have the same IP address. Secondly, it auto-disables the session after 15 minutes of inactivity. And thirdly, yes, there is now a manual log out link which I would recommend clicking on if clearing the session is a top concern. :)
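
An added illustration, not part of the thread and not IPB's own code: a minimal server-side session check combining the three controls described in the replies above (IP binding, a 15-minute idle timeout, and logout that destroys the session), run against a session ID replayed from browser history. The class name, method names and IP addresses are constructed for the example.

```python
import secrets

IDLE_TIMEOUT = 15 * 60  # seconds; the 15-minute inactivity limit from the thread


class AdminSessions:
    """Hypothetical server-side store for admin sessions (not IPB's code)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # session id -> {"ip": str, "last_seen": float}

    def login(self, ip, now):
        sid = secrets.token_hex(16)  # unguessable id, later carried in the URL
        self._sessions[sid] = {"ip": ip, "last_seen": now}
        return sid

    def logout(self, sid):
        # Delete the server-side record so an old URL carrying sid is useless.
        self._sessions.pop(sid, None)

    def check(self, sid, ip, now):
        """Return (allowed, reason) for a request carrying session id `sid`."""
        record = self._sessions.get(sid)
        if record is None:
            return False, "unknown or logged-out session"
        if record["ip"] != ip:
            return False, "ip mismatch"
        if now - record["last_seen"] > self.idle_timeout:
            del self._sessions[sid]  # expired sessions are removed, not reused
            return False, "idle timeout"
        record["last_seen"] = now  # activity extends the session
        return True, "ok"


def replay_from_history():
    """Constructed scenario: a session id left in a URL in browser history."""
    store = AdminSessions()
    results = []
    sid = store.login("203.0.113.10", now=0)
    results.append(store.check(sid, "203.0.113.10", now=60))    # normal use
    results.append(store.check(sid, "198.51.100.7", now=120))   # other address
    store.logout(sid)
    results.append(store.check(sid, "203.0.113.10", now=180))   # after logout
    sid2 = store.login("203.0.113.10", now=200)
    results.append(store.check(sid2, "203.0.113.10", now=200 + 16 * 60))
    return results
```

On the shared computer from the original question the IP check passes, so in this sketch only the logout and the idle timeout stop a link replayed from history.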
Archived
This topic is now archived and is closed to further replies.