[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-4074) Internet Explorer 7.0 session cache not cleaned

Shervin Asgari (JIRA) jira-events at lists.jboss.org
Thu Apr 2 10:06:22 EDT 2009


Internet Explorer 7.0 session cache not cleaned
-----------------------------------------------

                 Key: JBSEAM-4074
                 URL: https://jira.jboss.org/jira/browse/JBSEAM-4074
             Project: Seam
          Issue Type: Bug
          Components: Security
    Affects Versions: 2.1.1.GA
         Environment: Windows XP, Internet Explorer 7.0
            Reporter: Shervin Asgari


Our test developer found something quite strange. We have a page which is restricted with an admin role.

This is what he did to find the error:

   1. Log in as admin
   2. Click on some of the admin stuff (creating users, listing users etc.)
   3. Copy URL of the admin page
   4. Log out
   5. Log in as user
   6. Paste URL of admin page

Now in Opera and Firefox under Linux this didn't work. You got the error page with limited restriction message.
However, on Windows and Internet Explorer 7, when pasting the URL, you can view ALL the admin pages through the URL. Listing the users, creating users, the home page of the admin etc. So it seems like the cache of Internet Explorer is not properly cleaned.

Now is this a bug in Seam or is the security in Internet Explorer?
