Loading...
 
Architecture / Installation

Architecture / Installation


Re: Double log-in: Possible security threat!

posts: 1539 Canada

This is a feature or a bug depending on your use case.

Some people have several Tikis on the same server and they want the login to be shared (and to have Single Sign On). But of course, some don't want this.

The permissions come from the group membership of that username. So user "Mohamed" can be Registered on one site, and admin on another.

in tiki-admin.php?page=login, there are three cookie-related prefs:

Cookie name:
Domain:
Path:


There can also be weirdness with cache.

Please see https://dev.tiki.org/Security for tips on how to report security issues.

Thanks!

M ;-)

Upcoming Events

No records to display

Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.