Admin/normal user login sometimes changing?

2013-02-28
2013-05-13
  • Stephan Matthiesen

    Hi, a few times now I found myself logged in as admin when I expected to be normal user. Has anybody experienced the same?

    This seems to happen after a while of inactivity, when I then do something I'm logged in as admin even though I was working as normal user before. I don't want to open a bug report yet, because it's kind of difficult to pin down if this is really happening or just my impression.

    My normal login uses cookies, but the admin login does not.

    I have the same email address for both the admin and the normal user. Is it possible that it sometimes uses the email instead of the username (although I'm not really sure how that would work)?

    Cheers
    Stephan

     
  • Mark Grimshaw

    Mark Grimshaw - 2013-02-28

    Hi Stephan,

    Is this when you open and close browser windows, when you actually go through the process of logging on (i.e. as normal user but end up as admin)? It might be something to do with cookies which will probably hang around unless you explicitly log off from the wikindx menu.

    Regards,

    Mark

     
  • Stephan Matthiesen

    Hi Mark,

    I think there is definitely something odd. I had the same issue twice today, although I only logged in as normal user today. It was actually in the same window. On one occasion I had just added a new resource, and when I added a file I suddenly was admin. The other one was just now, I had a window already open and just went to the category tree.

    I thought about cookies, but I actually cleared all cookies earlier today. Some while ago, when I noticed it for the first time, I inspected all cookies.

    Earlier this morning I also changed the email address of the user account, this apparently had nothing to do with it.

    As the user is only shown in the footer, it's not easy to see. I now changed the template for the admin to a different one, and now it's easier to notice as all the colours change suddenly.

    I'll see if I can figure out if there are reproducible circumstances.

    Cheers
    Stephan

     
  • Mark Grimshaw

    Mark Grimshaw - 2013-03-01

    Very strange. I haven't come across this before. Let me know if you find anything out. Sessions are also used and it might be that you're on a system that has a quota for session space and so the appropriate authorization session gets lost (although that, you would think, would drop you from admin to readonly not the other way around). config.php gives the option to move session storage elsewhere in case you have problems with space.

    Regards,

    Mark

     
    • Stephan Matthiesen

      Right, I can reproduce it if I delete the session file on the server.

      But why does it then keep me logged in as admin, rather than throwing me out into read-only, as expected? I cleared the local cookies in the browser several times now and I haven't logged in as admin for quite a while.

       
  • Stephan Matthiesen

    There is something not right here. Steps:

    • delete cookies, cache and active logins in the browser.

    • at the same time, also delete session files on server.

    • then I'm thrown into read-only mode, as expected. (also thrown out of this forum, so I have to retype everything now :-)

    • login as user, I can work as user. A new session file is created on server.

    • now delete session file on server and I'm suddenly logged in as admin, even though I never entered a password, and the login details shouldn't be in the browser as I deleted the cookies, cache and logins earlier.

    Also on the server, a new session file is created with the same name as the one I deleted earlier.

     
  • Mark Grimshaw

    Mark Grimshaw - 2013-03-01

    I'll look into it Stephan.

    Anyone else experiencing this?

    Mark

     
  • Stephan Matthiesen

    I still don't understand it completely, but I had this problem frequently until a few days ago, when it seems that I fixed it. In admin, I had the setting "remember me" not selected, and now I changed it to "remember me". I guess what happened was the following:

    • some time in the past I had the admin "remember me" which created a login cookie.
    • when I changed to "don't remember me" that cookie was not deleted at logout.
    • occasionally the login for the normal user expired but it still had the old login for the admin, so I was thrown into admin.
    • when I changed the admin setting to "remember me" and then logged out, it deleted the admin login cookie as it should

    Anyway, I haven't had the issue for a few days now, whereas it happened several times per day before.
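
The sequence hypothesised in the post above (an admin "remember me" cookie that survives logout and takes over once the normal user's server-side session disappears) is modelled here next to a hardened logout and login. This is an added example, not part of the original posts and not wikindx code; every class, method and cookie name is hypothetical, and the thread does not confirm that wikindx behaves this way.

```python
# Toy model of the hypothesised failure; NOT wikindx code. All names are hypothetical.
import secrets

class Site:
    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}       # session id -> username (the server-side session files)
        self.tokens = {}         # remember-me token -> username
        self.remember_pref = {}  # username -> current "remember me" setting

    def login(self, jar, user, remember):
        self.remember_pref[user] = remember
        if self.hardened:
            self._drop_remember(jar)  # never carry another account's token over
        sid = jar.setdefault("sid", secrets.token_hex(8))
        self.sessions[sid] = user
        if remember:
            token = secrets.token_hex(16)
            self.tokens[token] = user
            jar["remember"] = token

    def logout(self, jar, user):
        self.sessions.pop(jar.get("sid"), None)
        # Hypothesised flaw: the cookie is cleared only if the setting is still on.
        if self.hardened or self.remember_pref.get(user):
            self._drop_remember(jar)

    def _drop_remember(self, jar):
        # Expire the browser cookie and revoke the token on the server.
        self.tokens.pop(jar.pop("remember", None), None)

    def whoami(self, jar):
        sid = jar.get("sid")
        if sid in self.sessions:
            return self.sessions[sid]
        user = self.tokens.get(jar.get("remember"))
        if user and sid:
            self.sessions[sid] = user  # session recreated under the same id
        return user or "read-only"

def replay(hardened):
    """Return (identity while the session exists, identity after it is lost)."""
    site, jar = Site(hardened), {}            # jar = the browser's cookies (constructed)
    site.login(jar, "admin", remember=True)
    site.remember_pref["admin"] = False       # setting switched off while logged in
    site.logout(jar, "admin")
    site.login(jar, "stephan", remember=False)
    before = site.whoami(jar)
    site.sessions.clear()                     # session file deleted or expired on the server
    return before, site.whoami(jar)
```

In the hardened variant the token is revoked on every logout and on any new login, so losing the session can only drop the browser to read-only.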

     
  • Mark Grimshaw

    Mark Grimshaw - 2013-05-13

    Thanks Stephan,

    I'll investigate cookies later today.

    Mark

     
  • Stephan Matthiesen

    Hi Mark, don't worry too much. As it doesn't seem to affect anybody else, it might be some glitch in my server. It definitely has to do with deleting session cookies on the server (if I delete them manually on the server, I get logged in as superadmin), but I don't understand how exactly.

    Please don't spend much time on it though.

    Stephan

     
  • Mark Grimshaw

    Mark Grimshaw - 2013-05-13

    Had a bit of a poke around and everything appears to be behaving as it should including the action/result of remember me or not.

    I'll leave it for now.

    Mark

     
