Comment #2 on issue 3001 by mechaneka: Session cookies are stored imporperly
http://code.google.com/p/reviewboard/issues/detail?id=3001

Yep. From my experience I can guess that session cookies never expires. I mean, we've got session opened long ago, we've reconfigured the virtual host, and the only option left unchanged was the site name. Then user could proceed posting reviews, the system didn't ask him for credentials, and due to configuration changes he actually posted the review under the name of another user. I think you're storing cookies containing user id from the database. The database was changed, the id was changed, but the system was still allowing to use it. In lots of other systems you should re-enter your credentials after some time of idleness, but in reviewboard you're always signed in. This could lead to such a strange actions.

--
You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to