Re: Double log-in: Possible security threat!

Architecture / Installation

Forum List Topic List

Re: Double log-in: Possible security threat!

Posted by Marc Laporte 20 May 2012 15:37 GMT-0000 posts: 1633 Canada

This is a feature or a bug depending on your use case.

Some people have several Tikis on the same server and they want the login to be shared (and to have Single Sign On). But of course, some don't want this.

The permissions come from the group membership of that username. So user "Mohamed" can be Registered on one site, and admin on another.

in tiki-admin.php?page=login, there are three cookie-related prefs:

Cookie name:
Domain:
Path:

There can also be weirdness with cache.

Please see https://dev.tiki.org/Security for tips on how to report security issues.

Thanks!

M ;-)

Reads: 712

Link

There are no comments at this time.

Jump to forum:

Upcoming Events

1)	16 May 2024 14:00 GMT-0000 Tiki Roundtable Meeting
2)	20 Jun 2024 14:00 GMT-0000 Tiki Roundtable Meeting
3)	18 Jul 2024 14:00 GMT-0000 Tiki Roundtable Meeting
4)	15 Aug 2024 14:00 GMT-0000 Tiki Roundtable Meeting
5)	19 Sep 2024 14:00 GMT-0000 Tiki Roundtable Meeting
6)	08 Oct 2024 Tiki birthday
7)	17 Oct 2024 14:00 GMT-0000 Tiki Roundtable Meeting
8)	21 Nov 2024 14:00 GMT-0000 Tiki Roundtable Meeting
9)	19 Dec 2024 14:00 GMT-0000 Tiki Roundtable Meeting

Latest Page Changes

...more

Architecture / Installation