November 8, 2006 in Feedback
If i set up a user account and give the info to 2 people, can they both logni and browse the forum at the same time or will one be logged out when the other logs in? will it cause any issues?
Yes they can.I have done this before many times.I have actually been logged in on my own account from 3 different computers all at the same time. Neither will be logged out.
Depends on your settings, in security settings there are a few settings such as test browser / ip for match for sessions. Thoose settings default to no meaning you can do it but if you have modified thoose settings, then it will not be possible.
Not with the new security settings. The cookies are set with IP Information, and the other will be kicked off.
I don't think he will be kicked off, the stronghold cookie is just set on the local computer so for the current session it's probably possible to have a double login from 2 computers (assuming that the check in the session-table only occurs at login)
they won't be kicked off unless you setReset member's log in key upon each log in?If 'yes', each successful log in process will reset the member's auth key which is used in cookies as a password. This will make it impossible to remain logged into more than one computer.
The only time I could see that being an issue is if you had to pay for something or otherwise need some kind of subscription to access a certain forum. If you run forums that have that kind of setup, you'll want to enable those security settings so people dont share 1 login...
So let me ask you, what is the reason to have the security settings there , but you go and turn them off. That totally negates the reasons for securing your site and leaves you open to trouble.Everyone is having issues with hackers, with the old code, and Invision provides a means to mitigate these threats and now you are spending time discussing how to turn it off. That is the bummest ideal I have heard here to date.
So let me ask you, what is the reason to have the security settings there , but you go and turn them off. That totally negates the reasons for securing your site and leaves you open to trouble.
Everyone is having issues with hackers, with the old code, and Invision provides a means to mitigate these threats and now you are spending time discussing how to turn it off. That is the bummest ideal I have heard here to date.
The fact of the matter is that Invision is providing a secure product, and if you want to open it up to security issues, then that is the choice of the admin. But beware of the possible ramifications of this action.
Doing this doesn't really open security issues. There is a difference between a cross-site scripting attack and allowing users to be logged in on different computers at the same time. It's not really a security issue per say, it's more of an admin preference than anything, so please stop acting like the world will end.
This topic is now archived and is closed to further replies.
Started 2 hours ago
Started 3 hours ago
The Old Man
Started Yesterday at 01:09 PM