[ previous ] [ next ] [ threads ]
 
 From:  "Dave Warren" <MailList at devilsplayground dot net>
 To:  "Seth Rothenberg" <seth at pachai dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] feature request
 Date:  Sat, 11 Dec 2004 23:57:22 -0700
> How hard would it be to have a hidden parameter
> that specifies the lock file for the session,
> and the logout button deletes that file.
> 
> Each page would check for existance of that file before access.
> 
> What's in the file?  A time stamp.
> If the file is there, but the timer is expired,
> it gets deleted and the requested page is not displayed.
> 
> I'd be interested to hear more about sessions.

HTML programming 101.  There are no sessions.  m0n0wall doesn't need
sessions, so it doesn't create them, attempt to track them, and it
couldn't logout the user even if m0n0wall wanted to without completely
rebuilding the authentication mechanism and hoping no security holes are
introduced in the process.

Is closing your browser such a big deal?


-- 
Sorry, she meant to say "stripped naked and thrown out an airlock"
I'm sorry for any confusion this may have caused.
 -- President Sheridan, B5