t; Person A log in to URL xyz, then clicks the logout button, then person
> B
> > > enters the URL abc on the same computer and he is automatically loggged
> > in.
> > > It is important to see the "Exact URL" and exact steps and if possible
> > also
> >
> > the controller.xml entry corresponding to this URL.
> >
> > Taher Alkhateeb
> >
> > - Original Message -
> >
> > From: "Jacques Le Roux"
> > To: dev@ofbiz.apache.org
> > Sent: Wednesday, 29 July, 2015 6:42:03 PM
> > Sub
e the "Exact URL" and exact steps and if possible also
> the controller.xml entry corresponding to this URL.
>
> Taher Alkhateeb
>
> - Original Message -
>
> From: "Jacques Le Roux"
> To: dev@ofbiz.apache.org
> Sent: Wednesday, 29 July, 20
29 July, 2015 6:42:03 PM
Subject: Re: Unauthorized user loggedin
Which version are you using?
Jacques
Le 29/07/2015 17:23, Sumit Pandit a écrit :
> Hi Taher, Appreciate your revert,
>
> Logs has already analyzed, logger is set to warning and nothing is
> available there, it is
Which version are you using?
Jacques
Le 29/07/2015 17:23, Sumit Pandit a écrit :
Hi Taher, Appreciate your revert,
Logs has already analyzed, logger is set to warning and nothing is
available there, it is like normal user login with not error/warning
printed. For user's feedback reference, I
Hi Taher, Appreciate your revert,
Logs has already analyzed, logger is set to warning and nothing is
available there, it is like normal user login with not error/warning
printed. For user's feedback reference, I have a screenshot which he had
shared showing my account of that user.
There are no
Hi Sumit,
You're providing little information to go on with. Can you at least provide
some server logs, the context on which this happened, users feedback, the
environment in which the system is running, which screen, customization
done to the framework?
Taher Alkhateeb
On Jul 29, 2015 5:07 PM, "
Hi All,
Recently for one of the client's deployment, I am getting a serious
security issue -
Some of frontend customers has reported that when they had login to site
then the it was opened as loggedin with different user account. And they
were able to access "my account" of that user.
I can confi