|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Login security issue.website in ADS. The script I have is working, I can change the password, then login with a workstation with the new password and the old password won't work. However, if I connect to a website requiring basic authentication, both passwords work. I've tried closing all browsers to make sure its not locally cached, plus I've even logged in from a workstation that had no browsers open and had not previously been authenticated. It seems to take about 20 minutes for till the old password stops working, 20 minutes is the same as the session timeout. Could I be reconnecting to the same session even though I've closed all browsers? Any ideas on how not to have this happened? TIA
Show quote
Hide quote
"Michael" <michaelt***@hotmail.com> wrote in message This explains it:news:ujpUjUjLFHA.1948@TK2MSFTNGP14.phx.gbl... > I've setup an ASP page to allow users to change their password from a > website in ADS. The script I have is working, I can change the password, > then login with a workstation with the new password and the old password > won't work. > > However, if I connect to a website requiring basic authentication, both > passwords work. I've tried closing all browsers to make sure its not > locally cached, plus I've even logged in from a workstation that had no > browsers open and had not previously been authenticated. > > It seems to take about 20 minutes for till the old password stops working, > 20 minutes is the same as the session timeout. > > Could I be reconnecting to the same session even though I've closed all > browsers? > > Any ideas on how not to have this happened? http://support.microsoft.com/default.aspx?scid=kb;en-us;152526 -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS Thanks for the info. I couldn't find that KB when I was looking, wasn't sure
what was being cached. Show quoteHide quote "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message news:ezzm2tkLFHA.3788@tk2msftngp13.phx.gbl... > "Michael" <michaelt***@hotmail.com> wrote in message > news:ujpUjUjLFHA.1948@TK2MSFTNGP14.phx.gbl... >> I've setup an ASP page to allow users to change their password from a >> website in ADS. The script I have is working, I can change the password, >> then login with a workstation with the new password and the old password >> won't work. >> >> However, if I connect to a website requiring basic authentication, both >> passwords work. I've tried closing all browsers to make sure its not >> locally cached, plus I've even logged in from a workstation that had no >> browsers open and had not previously been authenticated. >> >> It seems to take about 20 minutes for till the old password stops >> working, >> 20 minutes is the same as the session timeout. >> >> Could I be reconnecting to the same session even though I've closed all >> browsers? >> >> Any ideas on how not to have this happened? > > This explains it: > http://support.microsoft.com/default.aspx?scid=kb;en-us;152526 > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running > IIS > > |
|||||||||||||||||||||||
Other interesting topics