Hi. After a week's vacation, today I opened my browser and, browsing www.plainblack.com/webgui, I'm logged in as knowmad!!! I can see all his data and I could change his profile (I didn't, of course). Could it be a problem with wgSession generation? Actually, my wgSession = Qy9EBbiPmFvtpvPfc28PGQ.
Are there any other details you can give about what happened that might allow this to be replicated? I've looked through all the logs and I just don't see how this is possible.
When I wrote this message I was logged in as knowmad (I wrote the bug entry from another browser as faxioman). My IP address is 213.209.215.90 and I'm using Firefox 3.0.1 (Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1).
I have no other details :-( As I said, after a week, I came back to the plainblack site and I was immediately logged in as knowmad. I can see his profile, spend his karma, remove his account, see his photo... I was knowmad.
I'm afraid that my sites made with WebGUI (actually we have six web sites with authentication enabled) could have the same problem...
If you have other questions...I'm here.
Thanks.