Johnathan Briggs Customers Post Count:16
 |
| 01 Mar 2010 06:37 AM |
|
Hi
I've recently purchase active social and I've been setting up a few test scenarios. I have set up two DNN user accounts but i used the same email for both user accounts.
For this explaination lets call them "user1" and "user2".
If I log into DNN as user 2, everything is fine and as I would expect it (permissions are OK etc), however if I click on an active social page the module thinks I am "User 1" and displays everything as if I was logged in as user1 and not user2.
I've been doing this in two seperate browsers (chrome and IE) so I'd hope this would avoid any session overlap.
Does Active social validate the user on their email address ? or is something else happing? If a user is validated via an email address then isn't this a security problem as a user would simply have to update their email address to gain access to another persons profile?
Johnathan |
|
|
|
|
Will MorgenweckForum Admin Active Modules Staff Post Count:6271
|
| 01 Mar 2010 07:01 AM |
|
Hi Johnathan,
Active Social authenticates users the same way as DotNetNuke. It has absolutely nothing to do with email address. We test with multiple accounts everyday and have never noticed anything like this before.
Thanks,
Will |
|
Will Morgenweck
Active Modules
|
|
|
Smart-ThinkerCustomers Post Count:517
|
| 01 Mar 2010 11:29 AM |
|
Interesting - I had a user report this (for my league module they add a lot of users with the same email address then log in as these users and change their profile) - I have not had time to look into it but it sounds the same as the user reported to me - it proves nothing, but I'll look into it today to confirm:
Here's the users support call:
"I created a number of new profiles: janES, ducp, edwinbackx, colinkelly, colinsmith, arieom
After I log in on for these particular profiles and change them (online screen name and password for example), they are no longer accesable
Or when I log on with 1 profile I get to see the details of the other!!" |
|
thanks
Rodney Joyce
PokerDIY.com - Connecting Poker Players |
|
|
Will MorgenweckForum Admin Active Modules Staff Post Count:6271
|
| 01 Mar 2010 12:09 PM |
|
Well, in that case there could be something going on within DotNetNuke since PokerDIY isn't using the Active Social login control. I bet it has something to do with caching. |
|
Will Morgenweck
Active Modules
|
|
|
Smart-ThinkerCustomers Post Count:517
|
| 01 Mar 2010 01:04 PM |
|
It's on my list for today - will check it out later and report back (I do need to switch to the AS login control and Verfiried - tis true!) - I wasn't taking it too seriously.. |
|
thanks
Rodney Joyce
PokerDIY.com - Connecting Poker Players |
|
|