can 2 people login with same username/pass?

[Wozzzzza]

If i set up a user account and give the info to 2 people, can they both logni and browse the forum at the same time or will one be logged out when the other logs in? will it cause any issues?

[Amy T]

Yes they can.
I have done this before many times.
I have actually been logged in on my own account from 3 different computers all at the same time.
Neither will be logged out.

[Millar]

Depends on your settings, in security settings there are a few settings such as test browser / ip for match for sessions. Thoose settings default to no meaning you can do it but if you have modified thoose settings, then it will not be possible.

[Terry - AKA Dumbledore]

Not with the new security settings. The cookies are set with IP Information, and the other will be kicked off.

[Guest]

I don't think he will be kicked off, the stronghold cookie is just set on the local computer so for the current session it's probably possible to have a double login from 2 computers (assuming that the check in the session-table only occurs at login)

[S.D.]

they won't be kicked off unless you set

Reset member's log in key upon each log in?
If 'yes', each successful log in process will reset the member's auth key which is used in cookies as a password. This will make it impossible to remain logged into more than one computer.

[Cool Surfer]

Not with the new security settings. The cookies are set with IP Information, and the other will be kicked off.

You can be logged from the same ip using opera, firefox, n IE with same or different ip's
And it works fine.

>_< is it good or bad >_<

[Justin]

The only time I could see that being an issue is if you had to pay for something or otherwise need some kind of subscription to access a certain forum. If you run forums that have that kind of setup, you'll want to enable those security settings so people dont share 1 login...

[Terry - AKA Dumbledore]

So let me ask you, what is the reason to have the security settings there , but you go and turn them off. That totally negates the reasons for securing your site and leaves you open to trouble.

Everyone is having issues with hackers, with the old code, and Invision provides a means to mitigate these threats and now you are spending time discussing how to turn it off. That is the bummest ideal I have heard here to date.

[Klass]

So let me ask you, what is the reason to have the security settings there , but you go and turn them off. That totally negates the reasons for securing your site and leaves you open to trouble.

Everyone is having issues with hackers, with the old code, and Invision provides a means to mitigate these threats and now you are spending time discussing how to turn it off. That is the bummest ideal I have heard here to date.

if you have allot of AOL users you hafta turn it off as AOL Ip's change in mid session and forces the users to login Again, Again, Again, etc.
I personally have it on 1 of my sites and off on another I guess it is just a preference per Admin

what is the point to have user validation settings, if it is defaulted to NO when you install?

[Terry - AKA Dumbledore]

The fact of the matter is that Invision is providing a secure product, and if you want to open it up to security issues, then that is the choice of the admin. But beware of the possible ramifications of this action.

[ZuCruTrooper2]

Doing this doesn't really open security issues. There is a difference between a cross-site scripting attack and allowing users to be logged in on different computers at the same time. It's not really a security issue per say, it's more of an admin preference than anything, so please stop acting like the world will end.

[Mark]

Doing this doesn't really open security issues. There is a difference between a cross-site scripting attack and allowing users to be logged in on different computers at the same time. It's not really a security issue per say, it's more of an admin preference than anything, so please stop acting like the world will end.

Well said :thumbsup:

[Terry - AKA Dumbledore]

Doing this doesn't really open security issues. There is a difference between a cross-site scripting attack and allowing users to be logged in on different computers at the same time. It's not really a security issue per say, it's more of an admin preference than anything, so please stop acting like the world will end.

It's not the end of the world, but in my time I have seen many things that most would never expect, and have learned to expect the unexpected. But there is always the eternal optimistic that will paint a rosy picture, but when the opposite happens they are not to be heard from. In the long run this thread is like running into a brick wall of apathy. So I'll just leave with this thought, Why pay for the security to your system, if all you do is turn it off.