	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Cosign Loop Breaking

To: "'Cosign Discussion'" <cosign-discuss@xxxxxxxxx>
Subject: RE: Cosign Loop Breaking
From: Bill Doster <Bill.Doster@xxxxxxxxx>
Date: Tue, 8 Jun 2004 21:33:32 -0400
In-reply-to: <20040608222430.F030734686@smtp1.ec.auckland.ac.nz>
References: <20040608222430.F030734686@smtp1.ec.auckland.ac.nz>
User-agent: Internet Messaging Program (IMP) 3.2.3

> I believe the bad configuration is having the action on the login form set
> incorrectly (at least this is the one I know about). If the action is set
> such that apache redirects (or re-writes the URL) via a GET rather than a
> POST it will lose the data attached, and then the CGI displays the login
> page.
>
> I agree that this is a case of bad configuration, and perhaps, after further
> thought I do not think it would really be worth extra work to detect it. If
> the Sys Admin sets it up incorrectly then that is their fault. Perhaps a
> good thing would be some detailed installation documentation which would
> help this problem (and others) to no end.

If this is a configuration problem, perhaps some kind of "test script" which
acts like a browser and checks for common misconfiguration problems could
be included in the distribution and recommended for vetting new configurations?

Follow-Ups:
- RE: Cosign Loop Breaking
  - From: Brett Lomas

References:
- RE: Cosign Loop Breaking
  - From: Brett Lomas

Prev by Date: RE: Cosign Loop Breaking
Next by Date: Re: Web App Developer documentation ...
Previous by thread: RE: Cosign Loop Breaking
Next by thread: RE: Cosign Loop Breaking
Index(es):
- Date
- Thread