MyBB Community Forums

Full Version: Admin login/logout bug
Hi. I'll post this as a bug because I don't think this is an intended function. If you are an admin and you log in regularly and then to the admin panel, you will only log out once in the admin panel, which, if you are not careful, allows a person on the same computer to have User CP/Mod CP privileges.

Here's how to replicate this bug easily. Go to a new forum with only the admin user:

On the bottom:
Please welcome our newest member, admin
Click on admin
Click on Send admin a private message.
Log in

On: Welcome back, admin. You last visited: Today, 12:38 PM (User CP — Mod CP — Admin CP — Log Out)

Click on Admin CP
Log in again <note this spot>
Click on the far right logout.
<now you are logged out of admin>

Go back to the forums.

You are still logged in as admin. Using 1.4.8 and regular file caching settings. If, on the other hand, you don't log out of the Admin CP and just the User CP... people can have full access to the Admin CP if they know the link.
What?? The ACP has its own sessions table; if you don't log out of the ACP, it doesn't mean anyone else can get inside it... the ACP login sessions and forum login sessions are completely separate.
(2009-08-17, 04:57 PM) MattRogowski Wrote: What?? The ACP has its own sessions table; if you don't log out of the ACP, it doesn't mean anyone else can get inside it... the ACP login sessions and forum login sessions are completely separate.

Yeah. This is just the rare occasion you are using a public computer. I didn't say this is a security issue. It's just a bug. But if you log into one, the logout should include both sessions if you are an admin.
I don't see how this is any issue. If you log out of the ACP, your ACP session is ended, you'd have to log in again when you go to it again...

(2009-08-17, 04:59 PM) someguy Wrote: if you log into one the logout should include both sessions if you are an admin.

Why...??
Carelessness on a shared computer? I use other forums, and if you are admin you may have to log in twice to administer the forum, but when you log out you log out as admin, period.
(2009-08-17, 05:04 PM) someguy Wrote: Carelessness on a shared computer?

Then log out of the ACP, too?
It's not a bug. The AdminCP login is not linked to the forum login in any way. It's much more convenient this way. You just have to log out of the forums & ACP, that's all.
Ah, so it's a feature. Perhaps you can put a redirect in the Admin CP successful logout back to the forum then, since this feature is not that intuitive to some administrators.
Until now, it was intuitive to everyone, I guess :P
Even if it wasn't, it's written here:
http://wiki.mybboard.net/index.php/Admin_CP
Quote: It is important to be aware that the Admin CP has a separate login method, where your session is killed immediately after you close your browser. To maintain this security, you must log in to the Admin CP before every session, even if you are logged into the front end.
Next time, you can just check the wiki first, it has nearly everything you may need :)
I really think it should stay as it is, separate. The good thing about it now is that you can log in to the ACP and not show up on the forum, because they're separate. If it changes, I reckon more people would complain that would prefer the change.