I played with the Drupal user interface for a while, having an admin window and a non-admin window open at the same time on the same machine. I played the two windows back and forth for some time, and then at one moment my admin window was automatically logged out and I could no longer log in as admin. It said the password was invalid. The odd thing is, the non-admin user account was intact, but the admin account was corrupted.

This can't be a feature, it must be a bug, a security risk. Am I right? I wiped out everything (including the database) to restart. Is there a better way to recover if this happens again?

Comments

mtsanford’s picture

http://drupal.org/node/68286

You can't be logged in as two users at the same time on the same browser, since there is only one session per browser. As for super user being banned, it's more likely user error than a bug, but if you can recreate it you should post the steps.

newbie888’s picture

I used two separate browser windows; both are the same type of browser (IE). I didn't do a thing directly with databases or user accounts; all I did was set up a simple testing home page and a simple testing contact page and link them in the primary menu using the Drupal GUI. The two windows interfered with each other. The fact that Drupal automatically logged out my admin window and could no longer recognize my admin password thereafter indicates corruption in the users database. I can't reproduce it because I could not recall the exact concurrent sequence of actions in the two separate windows leading to that point. I should have saved the users database record for the admin user for an incident report. All I know is that it's not safe to run two users at the same time from the same machine.

budgetstockphoto’s picture

You need separate browsers, NOT separate browser windows. I'm not certain about IE, but Firefox certainly keeps the session across all windows.

E.g. admin logged into Firefox, and test user logged into IE or Chrome or whatever.

Open a new Firefox window and you're still logged in as admin.

Also keep an eye on subdomains or you will get a headache, i.e. logging in to "www.mysite.com" and later looking at "mysite.com".

greggles’s picture

Yes, it is the same in IE.

Some browsers have advanced features or extensions that you can turn on to make a different tab/window behave as a whole separate session/cookie but those are not on by default and take time/effort to install.
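
The session behaviour described in the replies above, as an added example that is not part of the original thread: a small model of a browser cookie jar with RFC 6265 domain matching, showing why two windows of one browser share a login and why "www.mysite.com" and "mysite.com" can disagree. The cookie name `SESS` and the session values are constructed for illustration.

```javascript
// Minimal model of one browser's cookie jar (RFC 6265 domain matching).
// Hosts, the cookie name SESS and the session values are constructed samples.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie set by `host`. Without a Domain attribute the cookie is
  // host-only: it is returned to exactly that host and no other.
  set(host, name, value, domainAttr = null) {
    const hostOnly = domainAttr === null;
    const domain = (domainAttr || host).replace(/^\./, "").toLowerCase();
    // A server may only set cookies for its own host or a parent domain.
    if (!hostOnly && !domainMatches(host, domain)) return false;
    // Same name, domain and host-only flag: the new value replaces the old.
    this.cookies = this.cookies.filter(c =>
      !(c.name === name && c.domain === domain && c.hostOnly === hostOnly));
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Value the browser would send to `host` for cookie `name`, or null.
  get(host, name) {
    const h = host.toLowerCase();
    const hit = this.cookies.find(c => c.name === name &&
      (c.hostOnly ? c.domain === h : domainMatches(h, c.domain)));
    return hit ? hit.value : null;
  }
}

// Every window and tab of one browser reads and writes the same jar.
function twoWindowsOneBrowser() {
  const jar = new CookieJar();
  jar.set("www.mysite.com", "SESS", "admin-session");    // window 1: admin logs in
  jar.set("www.mysite.com", "SESS", "testuser-session"); // window 2: test user logs in
  return jar.get("www.mysite.com", "SESS");              // what window 1 sends next
}

// A host-only cookie from www.mysite.com is not sent to mysite.com.
function subdomainMismatch() {
  const jar = new CookieJar();
  jar.set("www.mysite.com", "SESS", "admin-session");
  return jar.get("mysite.com", "SESS");
}

// With Domain=mysite.com the same cookie covers both hostnames.
function sharedDomainCookie() {
  const jar = new CookieJar();
  jar.set("www.mysite.com", "SESS", "admin-session", "mysite.com");
  return jar.get("mysite.com", "SESS");
}
```

A second browser has its own jar, which is why admin in one browser and a test user in another do not collide.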