The secrete means nothing in URL after first connect

[bigstusexy]

On windows:

After the first time a client connects, the secrete does not matter in the URL. One can enter anything into where the secrete is to be and it will still connect and take commands. It's like there is a session cookie that it uses. A restart of the server does kill all sessions and thus the secrete in the URL is evaluated again.

I've seen this before but I just tested it with ver 1.5.2