BUGS
############
user creation + automatic profile creation (Profile.nickname should initially EQUAL Profile.id)
############
entering "/" removes the Auth session => but only AFTER the page has been rendered
############
logging out (by timeout, or logging out and then pressing a button in another tab), then doing a POST/PUT request (Security component) -> flagged as a CSRF attack (but it is none). Solution: no redirect for POST/PUT, just GET. Possibility of adding GET views for non-view POST actions (like Move to Trash)
Alternative: http://www.ad7six.com/entries/view/67/Generic-capability-based-security-%28CSRF-prevention%29
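The distinction behind this item, as an added example that is not part of the project: a request whose server-side session no longer exists cannot be a forged request against that session, so it can be answered with a GET redirect to the login page instead of being blackholed, while a live session with a missing or mismatched token remains a real CSRF suspect. Plain PHP, no framework; the session key `csrf_token` and form field `_token` are assumed names.

```php
<?php
// Added example, not the project's code. Decide how to answer a state-changing
// request whose CSRF token may belong to a session that has since been destroyed
// (logout in another tab, or a timeout). Key names are assumed, not the project's.

const CSRF_SESSION_KEY = 'csrf_token';   // assumed session key
const CSRF_FORM_FIELD  = '_token';       // assumed hidden form field

/**
 * Returns 'allow', 'redirect_login' or 'reject_csrf'.
 * $session is the server-side session data ([] when the session is gone),
 * $post the submitted form fields, $method the HTTP method.
 */
function csrfDecision(array $session, array $post, string $method): string
{
    // Only state-changing methods carry a token. Do not move actions such as
    // "Move to Trash" to GET just to dodge the check: a GET that changes state
    // is itself forgeable, since no token is ever verified for it.
    if (!in_array(strtoupper($method), ['POST', 'PUT', 'DELETE'], true)) {
        return 'allow';
    }

    // No session-side token: the session that issued the form is gone, so there
    // is nothing for a forged request to act on. Treat it as a stale submission,
    // answer with a 303 to the login page (a GET), and never replay the body.
    if (empty($session[CSRF_SESSION_KEY])) {
        return 'redirect_login';
    }

    // Live session but the token is missing or does not match: genuine suspect,
    // handle it the way the Security component does (blackhole the request).
    $submitted = (string) ($post[CSRF_FORM_FIELD] ?? '');
    if ($submitted === '' || !hash_equals((string) $session[CSRF_SESSION_KEY], $submitted)) {
        return 'reject_csrf';
    }

    return 'allow';
}

// Constructed sample requests covering the outcomes.
$token = bin2hex(random_bytes(16));
$cases = [
    'valid POST'                => [[CSRF_SESSION_KEY => $token], [CSRF_FORM_FIELD => $token], 'POST'],
    'POST after logout in tab'  => [[], [CSRF_FORM_FIELD => $token], 'POST'],
    'PUT with forged token'     => [[CSRF_SESSION_KEY => $token], [CSRF_FORM_FIELD => 'x'], 'PUT'],
    'plain GET'                 => [[], [], 'GET'],
];
foreach ($cases as $name => [$session, $post, $method]) {
    printf("%-26s -> %s\n", $name, csrfDecision($session, $post, $method));
}
```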
############
AuthComponent: /users/login must kill the current session after the button is pressed
############
User model updateActivity updates `modified` automagically (which it should not)
############
Using the browser's Back/Forward buttons still shows TheFlash
############
Using the browser's Back/Forward buttons results in buttons being disabled
############