Summary: fix authorization semantics
Created: 2004-12-22 09:01
Status: Closed - fixed in 2.0.beta50
Description: PmWiki's authorization semantics are a bit weird -- for example, in the handling of empty auth passwords when there's an edit password set. This really needs to be made more robust.
I'm testing two Pmwiki 2.0.beta13 installations with authentication and site wide admin passwords. Well, I remember that I've set the same password for admin, attr and edit in both installations and it may be important to catch the problem. Sorry, probably it's unnecessary since I want only an admin password, I'll check it later. When I try to edit a document without entering the password I get the page with the authentication field as expected. But when I go back with the browser button and try to edit it again or edit another pages I can edit and save almost of them, but not all the pages. Some pages I can't edit without entering the password. It seems very strange but I didn't studied the Pmwiki authentication method yet to help you to solve this problem. Could it be a problem with cookies/sessions? May be I need to study more about PHP language to really understand this.