At 12:00 +0100 UTC, on 2009-05-07, Christopher Smith wrote: [...] > I'm speculating here. Is it possible the client is sending a valid > dokuwiki credentials cookie? Ooh, good catch! Testing with a few different RSS clients with virginal settings, the problem can not be reproduced. So yes, it must be the RSS client that (ab)uses cookies across different feeds. I guess this can then be considered as merely slightly annoying rss client behaviour, no real security risk. I suppose this means it's not something Dokuwiki needs to even try to avoid. (Let alone *can* avoid. I don't know much about cookies; whether they *can* be made restrictive enough to not allow this.) -- Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/> -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist