anyone can edit another person's comments

Hello again, I just checked again … it seems that if person A and person B use the same computer (something to do with cookies??) then yes, person B can edit person A’s comment. I tested it this way with one computer. I logged in as person A and posted a comment and then logged out. Then, I logged in as person B, and was able to edit person A’s comment. But, if person A uses one computer, and person B uses another computer, then person B cannot edit person A’s comment. Make sense? Would like to get verification on this … thank you in advance!

Steve,

This sounds like normal behavior. The plugin is designed to work for anonymous commenters (i.e., non-logged in users).

A cookie is stored for that person, which is valid for 5 minutes. If someone were to use the same computer, use the same browser, go to the same post for the user, then yes, they would be able to edit that comment until the timer expired.

Hello Ronald, thank you very much for your follow up and reply … understood! Thanks again, Steve

also, one more quite similar thing is happening, If i commment from device A and then log in from device B, the edit link is not there anymore, it is available only in device A. Uninstalling this thing immediately off my site.

Can someone please explain to me like a 2 year old why this shouldn’t be happening?

1. You left the comment on Device A.
2. You log into Device B.
3. You still see it on Device A and can edit it.

Why is this wrong?

When you leave a comment using this plugin, it stores a secure hash in the database, and it’s tied to a cookie left in your browser.

It doesn’t care whether you are logged in or not. All it cares is if you have the cookie and it syncs up with the hash stored in the database.

Logging into another device, logging out, no effect. And there’s absolutely no reason it should.

It is wrong because –
– A user uses notebook computer to make a comment.
– The user then realizes that he/she has to add up few more things in the comment so he/she has to edit the comment made.
– He/She doesnt have notebook at that time so user decides to use phone to do that.
– USer logs into the website and finds out that the edit link is not there beneath the comment, so he/she cant edit from there.

No offense intended just trying to explain the situation, it is an overall nice and smooth plugin, it is the best comment editing plugin for blogposts but this glitch totally makes it unreasonable.

I understand where you’re coming from. Really, I do.

But without tying comment editing to actual user accounts, simply not possible.

I think at this point it’s the situation of, it’s not a bug but a feature type things. And yes, explaining to users cookie issues and other items is absolutely unreasonable.

I’ll add your request as an enhancement request to my github repo, but at the moment, just not something the plugin was designed/intended for. So on my part it’ll require a rethink.

I’m very sorry you are dissatisfied with the current behavior.

Yes indeed its not a bug. Thanks for consideration. However, I see that
wp ajax edit comment is a good replacement from you for this one. I am using that one with some little tweaks and customization which is perfect for the purpose.

Yayzers! A lot that AEC can do can be currently done using hooks/filters. Just not what’s described above. A bit more involved on that front. I’ll do my best. Thanks for the feedback and truly sorry for an abrasive tone as I misunderstood the problem.

no problem man..!

https://github.com/ronalfy/simple-comment-editing/issues/8

Let’s continue our discussion there if you don’t mind.

I may enlist you in helping test this out. Probably two weeks or so before I can tackle this. I’m overextended atm.

I just released version 1.6.0 which should address the logged in user issue.

1. User is logged in and leaves a comment.
2. User logs in on different device.
3. User sees comment editing.

There’s still a timer, but all should be good.