One of my users just posted a link to one of his messages. I think he did this by copying the contents of the address bar in his browser, so the link ended up a
http://www.longhotsummer.co.uk/...634fa77079b40325522f
It seems that now if anyone else clicks on the link, they end up on the boards, but logged on as this user.
Now I'm presuming that this chap doesn't use cookies and hence the URL contains a session ID.
But should (a) the session time out reasonable promptly and (b) should it be tied to an IP address or something similar, or am I misunderstanding what's going on ?
http://www.longhotsummer.co.uk/...634fa77079b40325522f
It seems that now if anyone else clicks on the link, they end up on the boards, but logged on as this user.
Now I'm presuming that this chap doesn't use cookies and hence the URL contains a session ID.
But should (a) the session time out reasonable promptly and (b) should it be tied to an IP address or something similar, or am I misunderstanding what's going on ?