[pmwiki-users] AuthUser behavior after editing page or group attributes
Patrick R. Michaud
pmichaud at pobox.com
Fri Apr 6 15:14:22 CDT 2007
On Fri, Apr 06, 2007 at 03:38:07PM -0400, The Editor wrote:
> On 4/6/07, Tony C. <frodo1990 at yahoo.com> wrote:
> > However, whenever I set attributes (i.e. I go to URL?action=attr, enter
> > something in one of the fields, and click on the Save button), I get
> > logged out.
>
> It's a design feature (I don't like it either) but it's purpose I
> guess is so you can test the new settings to make sure they work : )
It's a design feature to avoid surprise/confusion for newbie
administrators.
Before this feature was implemented, what would happen is that
someone would log in (e.g., as the site administrator), use
?action=attr on a page, and then assume/report that passwords
weren't working because they weren't subsequently prompted
for a password on the page (because they were already logged in
as administrator).
So, to avoid the frequent reports of "?action=attr isn't
setting a password", PmWiki's default is to clear the session
whenever a password attribute is modified. This has helped
immensely to avoid confusion.
Dan reports correctly that it can be disabled -- this is done
with
$EnablePostAttrClearSession = 0;
(See http://www.pmiki.org/wiki/PmWiki/SecurityVariables .)
Hope this helps!
Pm
More information about the pmwiki-users
mailing list