Gossamer Forum
Home : Products : Gossamer Forum : Discussion :

Is this a major bug ?

Quote Reply
Is this a major bug ?
One of my users just posted a link to one of his messages. I think he did this by copying the contents of the address bar in his browser, so the link ended up a
http://www.longhotsummer.co.uk/...634fa77079b40325522f

It seems that now if anyone else clicks on the link, they end up on the boards, but logged on as this user.

Now I'm presuming that this chap doesn't use cookies and hence the URL contains a session ID.
But should (a) the session time out reasonable promptly and (b) should it be tied to an IP address or something similar, or am I misunderstanding what's going on ?
Quote Reply
Re: [davidnavigator] Is this a major bug ? In reply to
Hi,

The session doesn't time out if it's being actively used, but will timeout I believe if it hasn't been used in 60 minutes (config option). Generally it's not recommended to try and authenticate sessions by IP, as quite a few isp's caches will send the user from different ip's each request.

Hope this helps,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] Is this a major bug ? In reply to
Thanks, that makes sense.

Can I add a suggestion then ? When the user pastes into the editor, presumably some code runs to check if what has been pasted is a URL and if it is, then it is formatted in the background. Could that code check if the pasted URL is from this site and then if it contains a session variable, remove the session variable ?