Security Bug? After timeout log

  • Resolved mg

    (@marcgeldon)


    8 years, 5 months ago

    I really like your plugin and it’s a big helping tool for me.

    But I have the following problem: if I switched to a user and this user gets logged out (because of the timeout), the plugin offers me to switch back to “Administrator” on the login page.

    Have a look at the screenshot: https://fs5.directupload.net/images/160928/vn8zg8zf.png

    Now I click on “Switch back…” and I am logged in as the administrator.

    I think this is a security bug? Or is it a feature?

    Hope to hear from you soon.

    Kind regards,

    Marc

Viewing 1 replies (of 1 total)
  • Plugin Author John Blackbourn

    (@johnbillion)

    WordPress Core Developer

    Thanks for the message, @marcgeldon. The reason this functionality exists is so you can use the ‘Switch Off’ functionality and then switch back again.

    When you switch to a user, User Switching’s cookies (which remember the user you switched from) should have the same expiration time as the main auth cookie (two days if you didn’t check the “Remember me” checkbox when you logged in).

    I’ll test this functionality to make sure it’s behaving as expected.

Viewing 1 replies (of 1 total)
  • The topic ‘Security Bug? After timeout log’ is closed to new replies.