:: 19-Jul-1999 19:11 (Monday) ::
It’s been a day of boring yet productive coding on stats. I’ve
completely re-written the http_auth / cookie authorization code to make
its behavior much friendlier and predictable. Changes include:
o If user enters incorrect password, browser will re-challenge.
This will eliminate the annoying behavior which required you to
close your browser before re-trying.
o The http_auth (login box) will now accept either email/password or
ID#/password for authorization.
o If authentication from a cookie fails, the cookie is now cleared.
This corrects the previous problem which prevented proper use if
you’d saved a cookie for the login credentials of a now-retired
email address.
o Lots of nice fascist logging and tracking added to help identify
abuse.
Also on the docket for today will be to commit these changes to the
team coordinator authentication code.
I also repaired the problem that was preventing team coordinator
passwords from properly mailing. If you’ve had difficulty obtaining your
coordinator’s password, it should work now.