6/22/2011 1:40:02 AM
arcplace
Posts: 15
|
Hi
I recognized, that the form filling mechanism for HTTP connections stays active even after the login. kinda handy as you login automatically after a session timeout! 
actually we have a situation, where this "feature" is kinda dangerous. as other form fields on the website use the same id as the one on the loginpage, the admin could accidentially alter contact information or even our client's login to his services.
a possible solution would be to only allow auto filling once or use a timer(fill forms in first 30seconds after opening connection). as this situation probably only applies in rare circumstances, something like this should be a non default option to any http sessions.
or do you have any other ideas?
cheers
chris
|
|
0
• permalink
|
6/23/2011 10:39:51 AM
David Hervieux
Administrator
Posts: 4241
|
Hi,
I added a feature request for that it's a good idea. Thank you
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
10/12/2011 1:01:43 AM
arcplace
Posts: 15
|
what's the state on this feature request? i was hoping for it in 6.5
cheers
|
|
0
• permalink
|
10/12/2011 4:08:05 AM
David Hervieux
Administrator
Posts: 4241
|
Hi,
This is still on the todo list but it was pushed. I will see what I can do for the next small update
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
10/12/2011 4:46:44 AM
arcplace
Posts: 15
|
thanks for the quick answer 
|
|
0
• permalink
|
1/2/2012 1:44:39 PM
David Hervieux
Administrator
Posts: 4241
|
Hi,
This is now in the new beta 6.9.1.0
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
1/10/2012 7:02:37 AM
arcplace
Posts: 15
|
great news, thanks!
i'll try it out soon
|
|
0
• permalink
|
1/25/2012 1:36:32 AM
arcplace
Posts: 15
|
hi
just did some tests with the current beta 6.9.5.0.
as i didn't notice any new options in the http-session after upgrading from 6.5 i just logged in with the same session but couldn't see any change in behavior. editing a user in this web application still automatically overwrites the username with mine
how is this fix you mentioned supposed to work?
|
|
0
• permalink
|
1/25/2012 5:12:54 AM
David Hervieux
Administrator
Posts: 4241
|
The auto login set the username once and does not retry after 30 seconds if you logoff for example. Maybe the delay was to quick?
--
David Hervieux
Devolutions inc.
|
|
0
• permalink
|
1/25/2012 5:34:19 AM
arcplace
Posts: 15
|
even after 3 minutes it's filling the forms so user, pw and login button are still "monitored"
the fix sound reasonable to me but would be even better if the timeout can be configured per session. in my situation this means i have to wait 30 seconds before i can edit a user and in cases, where i enjoy the automatic session relogon i would be able to disable the timeout.
btw. i'm using Win7x64 with IE 9
edited by arcplace on 1/25/2012
|
|
0
• permalink
|