[pmwiki-users] AuthUser behavior after editing page or group attributes

Patrick R. Michaud pmichaud at pobox.com
Fri Apr 6 15:14:22 CDT 2007


On Fri, Apr 06, 2007 at 03:38:07PM -0400, The Editor wrote:
> On 4/6/07, Tony C. <frodo1990 at yahoo.com> wrote:
> > However, whenever I set attributes (i.e. I go to URL?action=attr, enter
> > something in one of the fields, and click on the Save button), I get
> > logged out.
> 
> It's a design feature (I don't like it either) but its purpose I
> guess is so you can test the new settings to make sure they work : )

It's a design feature to avoid surprise/confusion for newbie 
administrators.

Before this feature was implemented, what would happen is that 
someone would log in (e.g., as the site administrator), use
?action=attr on a page, and then assume/report that passwords 
weren't working because they weren't subsequently prompted
for a password on the page (because they were already logged in
as administrator).

So, to avoid the frequent reports of "?action=attr isn't
setting a password", PmWiki's default is to clear the session 
whenever a password attribute is modified.  This has helped
immensely to avoid confusion.  

Dan reports correctly that it can be disabled -- this is done
with

    $EnablePostAttrClearSession = 0;

(See http://www.pmiki.org/wiki/PmWiki/SecurityVariables .)

Hope this helps!

Pm
