Bugtraq mailing list archives

Re: Bigfoot/Bellsouth Webmail bug


From: jnj () ais-bbs org (James Nerlinger, Jr.)
Date: Fri, 8 Jan 1999 12:58:20 -0500


I seem to have found another "bug" with the Bigfoot/Bellsouth Webmail.
Users can log back into the service from cached pages.  This is a huge
security hole, especially for users accessing these services from public
terminals.  Subsequent users can just use the back button to go back in the
previous session history and log in as the previous user.


This is not uncommon in web-based email & conferencing packages; however,
most are authored to only allow this for a certain amount of time and to
disregard the attempt if the user logged out properly.  Out of curiosity,
did you test this with the two variables of time and a logout?

James
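The two controls James asks about, an idle timeout and server-side invalidation on logout, plus the cache headers that keep mailbox pages out of a shared terminal's browser cache, as an added illustration that is not code from the original thread or from Bigfoot/Bellsouth. The store, the timeout value and the injectable clock are assumptions for the example.

```python
import secrets
import time

# Constructed example (not Bigfoot/Bellsouth code): every request is checked
# against a server-side session table, so a page replayed from the browser
# cache or reached via the Back button only works while the session is both
# unexpired and not logged out.

IDLE_TIMEOUT = 15 * 60  # assumed: seconds of inactivity before a session is dropped


class SessionStore:
    def __init__(self, clock=time.monotonic):
        self._clock = clock       # injectable for deterministic tests
        self._sessions = {}       # token -> {"user": str, "last_seen": float}

    def login(self, user):
        token = secrets.token_urlsafe(32)   # unguessable session token
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def validate(self, token):
        """Return the user for a live session, or None if it expired or was logged out."""
        rec = self._sessions.get(token)
        if rec is None:
            return None                     # logged out, or never issued
        now = self._clock()
        if now - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]       # expired: drop it so it cannot be replayed
            return None
        rec["last_seen"] = now              # sliding window refreshes on activity
        return rec["user"]

    def logout(self, token):
        # Invalidate on the server; redirecting the client to a login page is not enough.
        self._sessions.pop(token, None)


def authenticated_page_headers():
    """Headers that tell browsers and intermediate caches not to store mailbox pages."""
    return {
        "Cache-Control": "no-store, no-cache, must-revalidate, private",
        "Pragma": "no-cache",
        "Expires": "0",
    }
```

With `no-store` on every authenticated response, the Back button has to re-request the page, and `validate()` then rejects the stale token.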


