
Author Topic: Multiple users on one computer, found possible cookie error? joomla cpg bridge  (Read 4071 times)


knockturnal

  • Coppermine newbie
  • Posts: 6

I have Joomla installed with Coppermine installed using the Mambo bridge provided by Coppermine. Works fine.

I have my admin account, same username/pass for both Joomla and cpg. So when I log in I can admin cpg through Joomla.

A problem I noticed: I created a user account to test the page. When I log in as USER1 (not admin) and click the link to the gallery, I'm logged in to the gallery still as admin. When I click logout on the Coppermine menu, it just takes me back to the Joomla home. I re-login as USER1 but am still logged in to the gallery as ADMIN. This error only seems to be machine related.

On another computer I logged in as USER1, clicked gallery, was logged in as USER1, then logged out. I then registered USER2, logged in, and clicked the gallery; it shows that I'm logged in as USER1 in the gallery, even though I'm logged in as USER2 in Joomla.

This error has to be related to cookies, I believe.

It's not a problem if only one user of a computer registers with your site and only they visit your site. The problem lies in (for example): I'm building a family photo web site. My brother registers for the site, logs in, then views the gallery. My nephew, who lives in the same house and uses the same computer, registers in Joomla, logs in and visits the gallery. While on the Joomla side it shows him as nephew, on the Coppermine side it shows him as brother.

Normally it wouldn't be a problem, right? What if I give my brother rights to admin the gallery? He logs in to change some things. Later my punk a-- nephew logs in and suddenly he has admin rights, because in Coppermine he's seen as brother, and deletes all my albums. This has now become a security issue. I'm not saying all this happened, I just noticed the possibility.

Test it out for yourself.


Web site is cortneybowden.com. Register 2 users, then check out the gallery. Whichever user you check the gallery out with first is the one you seem to view the gallery as always.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de

We definitely won't go through the registration process to do support work. Post the needed non-admin test user accounts.

knockturnal

  • Coppermine newbie
  • Posts: 6

users - cpg1 and cpg2
pass- tester