D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: Orion on March 02, 2009, 08:48:21 PM
-
I note that after you logon to the router from a specific computer, the session remains valid despite clearing the browser cache/rebooting computer etc. Administrative pages can still be accessed using direct urls i.e. http://192.168.0.1/Status/Device_Info.shtml. I assume the router continues to authorize based on MAC address. The only way to force a logout appears to be to access the router's default page and type in a bad/empty password. (or change something that causes a router reboot)
Perhaps in future firmware versions an explicit logout button can be included to kill the router session. This is relevent in shared environments where an administrator may make changes to the router and walk away etc. (on 1.21)
-
I can confirm this as well. but note, that the session does expire.
-
The session will expire quite rapidly. The authentification is IP based.
Security issue? No. Since the (cached) session will only be available shortly through the originating PC it's your PC security that is the real issue (provided you want to warn us/Dlink for unauthorized use by somebody else of the router setup)
-
I realize the router session will eventually expire. It would just be convenient to force a logoff on a shared computer without having to go through the methods I mentioned.
-
???Scenario's:
1. Shared computer, using the same Windows login/password => why worry about router access when you trust that person with all your documents and data?
This scenario there's more chance of messing up the Windows installation than the router setup I guess...
2. Shared computer, different accounts => the cache is not shared in this scenario, so the router should not give access. If it does (?) you have a faulty Windows setup.
I guess this would not be a high score on the feature wish list...