Closed (won't fix)
Project:
Node Agreement
Version:
6.x-1.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
11 Dec 2009 at 08:31 UTC
Updated:
22 Nov 2013 at 22:43 UTC
Jump to comment: Most recent
Comments
Comment #1
infojunkieThanks for your report. Different anonymous users should be required to individually sign the agreement, so that's clearly a bug.
Later, I might add the ability to specify the roles that are required to sign the agreement, among which 'anonymous users' will be present.
Comment #2
d0t101101 commentedNo problem at all, glad to be of help :)
The additional role settings would be great, as some sites might want to allow anonymous user visibility of nodes with an agreement, but I think most would not... It would be virtually impossible to legally enforce an NDA, for example, if an anonymous user accepted it, as all you would have is just their IP address and time.
Please keep up the great work on this module! The functionality of your module is unique, and vital for some types of sites.
Best regards,
.
Comment #3
infojunkieFixed in the latest dev. For anonymous users, their signature is remembered in the session. Please try it (12 hours from now) and let me know if it works!
Comment #4
d0t101101 commentedWill do!
Thank you for the quick response.
Best regards,
.
Comment #5
d0t101101 commentedHello again,
I tested the latest DEV, and the same issue persists. The details:
Anonymous user on PC A agrees to the terms.
Anonymous user on PC B on a different network/IP can see the contents of the node without agreeing.
Looking at the node_agreement_signature table, Anonymous user on PC A creates an entry for the node with a uid of 0. It seems Anonymous on PC B, or any other anonymous user, is able to use this signature again and again.
I suggest the following:
-Not record a signature for any anonymous user
-Implement the role settings you mentioned above, and default to not allowing anonymous user visibility
Best regards,
.
PS. Recording the IP address to a new field might be a good addition in general, for another layer of individual user identification.
Comment #6
infojunkieCan you confirm that your version of node_agreement.module contains the lines:
That's the code used to handle anonymous users separately.
Comment #7
d0t101101 commentedHi Kratib,
Sorry for the slow reply, I was out of town. Indeed, my version has the above code, I grabbed the latest dev version before testing on the 22nd.
Best regards,
.
Comment #8
infojunkieI am officially stopping work on this module.