The mailing list for listmasters using Sympa

[Miles Fidelman <address@concealed>]

David Verdin wrote:
> This is probably due to customized templates in your instance. These 
> templates were not updated after you upgraded (Sympa never changes 
> anything in customized files in etc or expl). So they still contain 
> placeholders for the password. As of Sympa 5.4, the password are 
> stored in a non reversible fashion (we store a MD5 hash). So the funny 
> looking passwords your users receive are these MD5 hashes.
> Until recently I blamed administrators for keeping such out of date 
> templates but a user of ours pointed that:
> 1- warning about the importance to update templates were not very 
> visible, so it was easy to miss it;
> 2- We still made the password available to mail templates even though 
> it was now pointless.
> So we will change the code (in the beta 7 or beta 8) to stop 
> delivering passwords.
Ok - just edited all the custom templates.  Problem solved.

Re. second problem:
> > Then, clicking on "lost password," and asking for a new password 
> > results in an email with a link it.  Clicking on the link sometimes 
> > leads to a screen for entering a new password, but sometimes leads to 
> > a screen saying:
> >
> >      Sorry, this operation can't be performed
> >
> > A validation link was sent to you on 30 Aug 2010 at 20:38:18. (the 
> > validation link was requested from host 173.76.134.212)
> >
> >      reason
> >
> > The validation link has already been validated from host 
> > 173.76.134.212 .If you did not perform this validation, please report 
> > this confidentiality issue to your mail services administrator.
> >
> > After which, one is logged in.
> One should not. If the link was not valid, then you should not be 
> logged in after clicking it. These are one time tickets. So as soon as 
> they have been clicked, you can't use them anymore.
> Could you please check that you did not have a valid session running 
> prior to clicking the used link?
This problem is repeatable.  I'm logged out, click on the ticket, end up 
logged in, with the above error.

Instead of clicking on the emailed link, I tried cutting and pasting it 
into my browser (SeaMonkey) - same problem.  I then tried cutting and 
pasting it into a different browser (Safari), and all worked properly.  
I think one of two things is happening:

1. I have my list password saved in my browser - it could be 
automatically logging me in when I click on the link. Or,

2. It could have to do with having a cookie left around from the 
previous session.

I expect it's number 1.

Thanks,

Miles





--
In theory, there is no difference between theory and practice.
In<fnord>  practice, there is.   .... Yogi Berra