Comment #2 on issue 3001 by mechaneka: Session cookies are stored imporperly
http://code.google.com/p/reviewboard/issues/detail?id=3001
Yep. From my experience I can guess that session cookies never expires. I
mean, we've got session opened long ago, we've reconfigured the virtual
host, and the only option left unchanged was the site name. Then user could
proceed posting reviews, the system didn't ask him for credentials, and due
to configuration changes he actually posted the review under the name of
another user. I think you're storing cookies containing user id from the
database. The database was changed, the id was changed, but the system was
still allowing to use it.
In lots of other systems you should re-enter your credentials after some
time of idleness, but in reviewboard you're always signed in. This could
lead to such a strange actions.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
You received this message because you are subscribed to the Google Groups
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/reviewboard-issues?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
