understanding the occasional presence of ;cid=

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

understanding the occasional presence of ;cid=

Graham Perrin
This post was updated on .
I saw ;cid= on more than a few occasions. I can't say how recently, and I can't recall the browsing environments, but I saw that string often enough to spark my curiosity long before I saw Steve Diamond quote a URL of this type.

@ Nabble

Where, if anywhere, is ;cid= most likely to appear inappropriately? I'm happy to test in a few browsers with some embedded and non-embedded forums created by me.

Regards
Graham

Postscript: <http://n2.nabble.com/forum/Search.jtp?query=%3Bcid%3D&sort=date&local=y&forum=1>
Reply | Threaded
Open this post in threaded view
|

appearance of ;cid= in results of searches of private embedded Nabble fora

Graham Perrin
This post was updated on .
1. make a forum private

2. embed the forum

3. force redirection

4. follow that direction

5. within the redirected embedded private forum: search for something that exists

6. observe the search results.

Observation

Links to found items include the ;cid= string.

Whether the issue is reproducible without forced redirection, I don't know. Haven't tested.

Screen shots



Focus on the status bar of the Safari window; as I mouse over the search results, the ;cid= part of the URL is apparent:



Background

I read <http://n2.nabble.com/reference-from-embedded-search-result-fails-to-lead-to-the-required-post-tp950354p950354.html> and thought, Nabble in Plone … forced redirection.

Regards
Graham
Reply | Threaded
Open this post in threaded view
|

Re: inappropriate presentation of ;cid= in results of searches of private embedded Nabble fora

Steve Diamond
The bug that included the cid parameter in permalinks for embedded forums has apparently been fixed. (That was the source of the links I had posted earlier.) But my results, like yours, Graham, also show the cid parameter present in the search results links. Notice, too, that cid is present not only in the links to the posts but also in the link to the forum (where it says in your example "Found 1 matching posts for xylophone in [link to forum] ...").

Steve
Reply | Threaded
Open this post in threaded view
|

Re: inappropriate presentation of ;cid= in results of searches of private embedded Nabble fora

Hugo <Nabble>
Administrator
The cid value MUST be displayed in forum URLs when the browser blocks third-party cookies. This is not a bug. All you should know is that permalinks don't need this information.

Regards,
Hugo Teixeira
Nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: inappropriate presentation of ;cid= in results of searches of private embedded Nabble fora

Steve Diamond
Hugo <Nabble> wrote
The cid value MUST be displayed in forum URLs when the browser blocks third-party cookies. This is not a bug.
FWIW, this makes perfect sense to me in the context of the search results screen, especially since those links are very unlikely to be used except by the current user who's doing the search.

Steve
Reply | Threaded
Open this post in threaded view
|

cid value, identities and security

Graham Perrin
In reply to this post by Hugo <Nabble>
If a cid value is gained by a Nabble user other than the first user to whom the value was offered, then (for example) might a post by that second user be misinterpreted as a post by the first?

Aiming to understand this from a privacy/security perspective.

Thanks again
Graham

Postscript: edited posts within this topic to use an alternative to the word bug.
Reply | Threaded
Open this post in threaded view
|

Re: cid value, identities and security

Hugo <Nabble>
Administrator
Graham Perrin wrote
If a cid value is gained by a Nabble user other than the first user to whom the value was offered, then (for example) might a post by that second user be misinterpreted as a post by the first?
No. The cid value is tied to the user IP and other variables that keep things secure.

Regards,
Hugo Teixeira
Nabble.com
Reply | Threaded
Open this post in threaded view
|

Re: cid value, identities and security

Graham Perrin
Thanks - resolved :)