Hello all,

I have analyzed this problem again. What happens is that a given user's
level of access is imposed on any subsequent user of the SAME system
when accessing DSpace under one of the following conditions:
1) Once login is attempted within 2-4 mins of the first user's logging
out.
2) The subsequent user logs on while the first user is logged into
DSpace from another location.

For example if User "A" accesses "sys 1" then logs out and User "B"
attempts to access the same item on "sys 1" within 2-4 mins then "B" is
given user "A"'s level of access whether that means complete access or
being denied entry and the logged in user will APPEAR TO BE USER "A".
Also, if User "A" now logs in on another system, say "sys 2", then any
user who accesses ANY system that "A" has used will then have "A"'s level
of access imposed on them and see themselves logged in as "A" while "A"
is logged in and has accessed the item in question.... I have tested
this many times....

Has anyone observed this or solved this issue??

Thanks for any info..

Nigel
-----Original Message-----
From: Michael White [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 26, 2008 11:28 AM
To: Nigel Pegus
Cc: [email protected]
Subject: RE: Unplanned user access

Hi Nigel,

> my concern is that unprivileged users accessing the item 
> from the outside will in certain cases get access to restricted 
> content 

In my experience I don't think this can happen - even if I'm looking at
a cached version of a page that seems to suggest I'm logged on when I'm
not, as soon as I click to try and access protected content, the
authentication/authorisation bits of DSpace kick in and start looking
for a valid authentication context - as this context isn't actually
there (despite what the cached version of the page is telling me), I
can't get access to the protected content . . .

> and see themselves logged in as a privileged user...

Again, I don't *think* this can happen - as Christophe pointed out, it's
not DSpace that is serving a cached version of the page, but the browser
"reusing" a locally cached version - so a user will only see themselves
logged on if they (or someone else) has previously logged on to the
system, and then logged off again, in the same browser session . . .

I've certainly not heard of anything like the scenarios you describe
actually happening - the problems I hear about are usually the "other
way around" - I've had numerous enquiries from our workflow staff
relating to things like the "Edit" button not being visible on an item
view page - these are always problems relating to a cached version of
the item view page - they access an item page, then subsequently log on
and go back to that page, but don't get access to the admin features
(the giveaway is always the absence of the "Logged in as" message).

Hope that helps.

Mike

Michael White 
eLearning Developer
Centre for eLearning Development (CeLD) 
S7, The Library 
University of Stirling 
Stirling SCOTLAND 
FK9 4LA 

Email: [EMAIL PROTECTED] 
Tel: +44 (0) 1786 466877 
Fax: +44 (0) 1786 466880 

http://www.is.stir.ac.uk/celd/






_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
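
As an added illustration (not part of the original thread and not DSpace code), this Python example applies the HTTP caching rules to a response's headers and reports whether a browser cache, a shared cache, or neither may replay the page without contacting the server, which is the situation in which a stale "Logged in as" page can be displayed. The function names are hypothetical and the header sets in the comments and checks are constructed samples.

```python
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-empty}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives


def _lifetime(cc, h, shared):
    """Explicit freshness lifetime in seconds, or None if none is declared."""
    # s-maxage applies to shared caches only and takes priority over max-age.
    for key in (["s-maxage"] if shared else []) + ["max-age"]:
        if cc.get(key, "").isdigit():
            return int(cc[key])
    # Simplification: Expires is evaluated only when a Date header is present.
    if "expires" in h and "date" in h:
        try:
            delta = (parsedate_to_datetime(h["expires"])
                     - parsedate_to_datetime(h["date"]))
            return max(0, int(delta.total_seconds()))
        except (TypeError, ValueError):
            return 0  # an unparseable Expires (e.g. "0") means already expired
    return None


def caches_that_may_replay(headers):
    """Return the subset of {"browser", "shared"} that may serve this
    response again without revalidating it with the server."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc or "no-cache" in cc:
        return set()
    allowed = set()
    for cache in ("browser", "shared"):
        if cache == "shared" and "private" in cc:
            continue  # private responses are for a single user's cache only
        life = _lifetime(cc, h, shared=(cache == "shared"))
        # With no explicit lifetime, caches may estimate one from Last-Modified.
        heuristic = life is None and "last-modified" in h
        if (life or 0) > 0 or heuristic:
            allowed.add(cache)
    return allowed
```

A page that shows per-user state should come back as an empty set; `{"browser"}` matches the same-browser reuse Michael describes, and any result containing `"shared"` means a cache between users and the server may also replay it.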
