On Mon, May 5, 2014 at 11:36 AM, Sven Van Caekenberghe <[email protected]> wrote:
> Hi Andrei, > > Maybe it is not so prudent to discuss such security issues in public. > You're absolutely right. Taking it offline. > > This is probably related to caching, most probably in your proxy, but it > could be a problem in the server as well. From the perspective of the > server, all your requests come from the same origin. I don't know how StHub > is implemented in this respect, there could be some logic error somewhere. > > The thing with proxies is, most people don't have to deal with them, so > those problems are not common. And to debug the situation is even harder, > because you actually need a proxy. > > Sven > > On 05 May 2014, at 11:08, Andrei Chis <[email protected]> wrote: > > > Hi, > > > > We are multiple people behind a proxy and are having some strange issues > with logging in to smalltalk hub. > > > > I can log in successfully but then if my colleagues open their browsers > to log in they are also logged in as me!!!!!! > > Furthermore if I open another browser I'm also logged in as me even if > that shouldn't be happening. > > It even works if I switch to incognito mode with Chrome !!! > > > > Me colleagues can see my homepage including all my private projects. The > good part is that they can't edit or change > > anything as they get an invalid password error when they try. > > > > Still this is bad. Has anyone else experienced this? Can it be some > caching issues with the proxy or with smalltalkhub? > > > > Cheers, > > Andrei > > >
