On 10/1/2010 6:12 PM, Remy Blank wrote:
Doki Pen wrote:
Is this because track is detecting an anonymous user and an
authenticated user with the same sid in session_attribute? Isn't this a
security problem? Does this mean that if I go to t.e.o and change my
sid to an existing user and set my email, it will prevent that user from
logging in?
It seems so, at least until the issue has been fixed. That should
probably be done before 0.12.1...
I'm not sure which problem you're talking about here. Using for example
"cboos" as a sid?
Well, fortunately that doesn't seem work, but I'm not sure it's by
design or by accident ;-)
-- Christian
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
