Security: AXS not prompting for password
The AXS admin page (ax-admin.pl or ax-admin.cgi) will prompt for a username and password under these conditions:
Whenever the "Log Out" link is followed
$Passwordvariables are defined in the ax-admin script and your IP address does not match the logged-in IP address stored in the axs.dat file
AXS administrators who always use the same IP address will experience an initial prompt for username and password, but will never be prompted again until they follow the "Log Out" link. (Following that link clears the logged-in IP address from the axs.dat file.) AXS administrators are expected to use that link to explicitly log out whenever they are finished. When the administrator has not explicitly logged out for an extended period of time, it may seem that AXS can be accessed by anyone, but in fact only those with your IP address can freely access the admin page.
Other administrators who do not have
$Password defined will also not experience a prompt for credentials. When those variables are not defined, anyone can access the admin page.
To test the state of your AXS install, do the following:
Visit the main ax-admin script.
If you are immediately challenged for a username and password, then all is well. Your system is running in secure mode.
If you are not challenged, then either your IP address is already logged in, or the username and password variables are blank.
From the bottom of the main page, choose the "Log Out" link. You will be taken the login page.
Without entering a username or password, click the "Authenticate" button. If you are taken to your main page, then the username and password variables are blank, and thus you are running in insecure mode.
If you receive a login error, then go back and try your correct username and password. This means that you are running in secure mode. Always log out explicitly in the future so that you will always be prompted to log in when you visit the page.
Note that if you re-install or upgrade the AXS product, your customized variables may be overwritten. In that case you will have to re-customize the ax-admin script with your desired credentials.
Note: the AXS authentication system is archaic and will one day be replaced with more secure WebAuthEx package used in the other scripts. Please bear with the current system until time can be budgeted for a code update.
"Security: AXS not prompting for password" https://www.xav.com/scripts/axs/help/1504.html