On Tue Apr 21 16:10:09 2015 GMT+0100, pmailkeey . wrote: > On 21 April 2015 at 15:58, Serge Wroclawski <[email protected]> wrote: > > > Seeing the ticket, I think that the behavior here is what I'd expect > > it to be, and what I think many people would expect as well. > > > > It doesn't seem like this is related to iD ignoring cookies, but about > > how you were logged into an account and authorized iD to edit on > > behalf of one of them. I'm not sure that iD could really be doing > > anything radically different. > > > > This is no different than other sites which use cross site > > authentication systems, ie Google, Facebook, etc. > > > > As for it being a security issue- if you logged out of osm.org before > > authenticating yourself from iD, then yes, I see a potential serious > > problem, but that's not what I see reported here. > > > > - Serge > > > > > > > So if I'm logged in to osm as FRED you think it's ok for iD to allow me to > use DERF's account - as that is what happened. > You really should not be logging into anything on a computer that has shared accounts.
DERF and FRED should be using different windows / linux accounts. Phil (trigpoint) -- Sent from my Jolla _______________________________________________ talk mailing list [email protected] https://lists.openstreetmap.org/listinfo/talk
