Loading...
 
Architecture / Installation

Architecture / Installation


Re: Double log-in: Possible security threat!

posts: 1543 Canada

This is a feature or a bug depending on your use case.

Some people have several Tikis on the same server and they want the login to be shared (and to have Single Sign On). But of course, some don't want this.

The permissions come from the group membership of that username. So user "Mohamed" can be Registered on one site, and admin on another.

in tiki-admin.php?page=login, there are three cookie-related prefs:

Cookie name:
Domain:
Path:


There can also be weirdness with cache.

Please see https://dev.tiki.org/Security for tips on how to report security issues.

Thanks!

M ;-)