Multiple users on one computer, found possible cookie error? joomla cpg bridge Multiple users on one computer, found possible cookie error? joomla cpg bridge
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Multiple users on one computer, found possible cookie error? joomla cpg bridge

Started by knockturnal, January 13, 2006, 05:46:56 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

knockturnal

i have joomla installed with coppermine installed using the mambo bridge provided by coppermine. works fine.

i have my admin account, same username/pass for both joomla and cpg. so when i login i can admin cpg thru joomla.

a problem i noticed, i created a user account to test the page. when i log in as the USER1 (not admin) and click the link to the gallery im logged in the gallery still as admin. when i click logout, on the coppermine menu, it just takes me back to the joomla home. i relogin as USER1 but still logged in the gallery as ADMIN. this error only seems to be machine related.

on another computer i logged in as USER1 click gallery, loged in as USRE1, then logout. i then register USER2, and login, click the gallery, shows that im logged in as USER1 in gallery, even though im logged in as USER2 in joomla.

this error has to be related to cookies i belive.

its not a problem if only one user of a computer registers with your site and only they visit your site. the problem lies in (for example) im building a family photo web site. my brother registers for the site and logins in then views the gallery. my nephew who lives in the same house, uses the same computer, registers in joomla, logs in and visits the gallery. while on the joomla side it shows him as nephew, on the coppermine side it shows him as brother.

normally it wouldn't be a problem right? what if i give my brother rights to admin the gallery? he logs in to change some things. later my punk a-- nephew logs in suddenly he has admin rights, because n coppermine hes seen as brother, and deletes all my albums. this has now become a security issue. im not saying all this happened i just noticed the possiblity.

test it out for yourself


web site is cortneybowden.com. register 2 users then check out the gallery. which ever user you check the gallery out with first is the one you seem to view the gallery as always

Joachim Müller

we definitely won't go through the registration process to do support work. Post the needed non-admin test user accounts.