[Phpwebsite-developers] Sign-On Oooops in 8.2

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Just discovered this:

If you delete a user from the database, but, they were signed on at the 
time you deleted them, then they continue to have user access until they 
logout.

Apparently, when someone logs in and a cookie is stored on their machine, 
as long as they don't log out, the cookie stays forever and phpWebsite 
never looks up the userid in the cookie in the database.

Seems like, each time a user opens a browser and comes to the website, and 
is already logged on with a cookie, the system should verify the userid in 
the cookie against the database and delete the cookie if the user is no 
longer in the database.

Has anyone noticed this before? Is there a fix?

If not, can someone point me to the general location and I'll write a patch.

Geoff
www.Hostricity.com