Re: "Exploit"...
Reply #18 –
You could always deal with that the way MediaWiki does: by making them CLI scripts only. But that doesn't do a lot for those using poor hosts. Mind you, those running poor hosts don't usually get their forums big enough to be up to the 'maintenance taking hours' stage.
Re: "Exploit"...
Reply #21 –
Sure it's a nicety but on the other hand, the forums big enough to actually run into timeouts (because it's > 1 hour), will almost certainly be on VPS type hosting or better anyway.
Re: "Exploit"...
Reply #22 –
Was working on this one and believe I should notice this:
If an admin is logging in there's automatically an admin session initialized.
Do we really need an active admin session on login? Can only speek for myself: I use my account (with admin privileges) permanently but I rarely visit the admin interface..
Re: "Exploit"...
Reply #23 –
Yeah it's a tricky one. My 2c is the same as your 2c, but other admins may be different.
Re: "Exploit"...
Reply #24 –
Well, you have just entered your password... I don't see how not having the admin session initialised would help.
Re: "Exploit"...
Reply #26 –
I've just entered my password but I don't need admin access right now, so the admin session doesn't need to be initialized.
Example: Maybe someone is stealing my session via XSS.. they still cannot access the admin interface, because there isn't an active admin session. I believe it's a benefit regarding security, a small one, but still a benefit. I personally login at forums several times a day but I rarely visit the admin interface... So there's no need to initialize that session.
Re: "Exploit"...
Reply #28 –
I very rarely log into any (live) forum, I'm always logged in, and most of the times I login is just for testing on some localhost... lol
From what I read at sm.org, me and you are just a couple of exceptions, most of the admins out there are spending more time in the admin panel than in the forum itself...