 |
|
You are here: Foswiki>Support Web>SupportQuestions>Question1858 (21 Feb 2017, GeorgeClark)Edit Attach
This question about Authentication or Authorisation: Asked
Last User Remembered
-- WesleyJacobs - 21 Feb 2017 System is remembering the last user that logs in. LoginManager is set Foswiki::LoginManager::TemplateLogin I can log in as my user, then have someone else login from another client, I click on a topic or refresh and "presto", I'm now that user from the other client. -- WesleyJacobs - 21 Feb 2017 I've not seen foswiki behave this way. Are you accessing Foswiki via a portal or proxy that might be confusing things? There are a few configuration settings to check. (They are "expert" settings on Security and Authentication - Sessions tab:
{Sessions}{IDsInURLs} = 0
{Sessions}{MapIP2SID} = 0
{Sessions}{UseIPMatching} = 1
The MapIP2SID setting should be unchecked in configure. You could also uncheck the UseIPMatching setting. In a normal Cookies environment, the only way for one user to "steal" another user's identity would be to somehow hijack the FOSWIKISID or SFOSWIKISID cookie. The session ID is a new unique random string generated during login. Unless the browser presents that ID in the cookie, I can't see how a session could be stolen this way.
-- GeorgeClark - 21 Feb 2017
QuestionForm edit
| Subject | Authentication or Authorisation |
| Extension | |
| Version | Foswiki 2.1.3 |
| Status | Asked |
| Related Topics |
Edit | Attach | Print version | History: r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r2 - 21 Feb 2017, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy