CurseForge

577 - Session being stolen by new logins.

What steps will reproduce the problem?
1. Log in on one machine.
2. Log in on another machine.
3. Return to using first machine.

What is the expected output? What do you see instead?
[Expected]: Continued state of being logged in, links work fine.
[Instead]: First machine is effectively "logged out" and usually ends up getting thrown to a couple ambiguous error messages before you realize it. (i.e. the page you requested no longer exists)

User When Change
Kaelten Jun 24, 2009 at 19:35 UTC Changed status from New to Fixed
Voorije Sep 05, 2008 at 14:53 UTC Create

You must login to post a comment. Don't have an account? Register to get one!

  • 2 comments
  • Avatar of EWOlson EWOlson Sep 11, 2008 at 11:07 UTC - 0 likes

    Actually, this is how all pages *should* work. You are just use to the lax security of the Internet as a whole and therefore expect this to work. Granted, the site should let you know you aren't logged in instead of giving you error pages, but you should not be able to be logged into any web site on multiple computers at the same time. (It is a *huge* security hole.)

  • Avatar of Kaelten Kaelten Sep 08, 2008 at 20:03 UTC - 0 likes

    This is actually a limitation of the central auth server. One I hope to have corrected soon, but it won't be before our batch of releases is done over the next few months.

    WowAce.com & CurseForge.com Adminstrator
    Check out my new addon, OneChoice, it helps you pick quest rewards faster.
    Developer of Ace3, OneBag3, and many other addons and libraries
    Project lead and Mac developer for the Curse Client

  • 2 comments

Facts

Last updated
Mar 30, 2012
Reported
Sep 05, 2008
Status
Fixed - Developer made requested changes. QA should verify.
Type
Defect - A shortcoming, fault, or imperfection
Priority
Medium - Normal priority.
Votes
3

Reported by

Possible assignees