I have a user that came to me with the following:
She was logged in and started a new topic. Before submitting - in a different tab - she logged out, and logged back in. When she tried to submit she got a _PNFORUM_NOAUTH error.
Is there a way to change this behavior? Is anything being stored in the session? When is the permission check being done?
Watch
GitHub Core
Show your support for Zikula! Sign up at Github account and watch the Core project!
GitHub Modules
Forum Activity
- mazdev responded to »Hide "Register new account" and change template to 3 col« 07:50 AM
- mesteele101 created topic »Zikula 1.3.3 - Site Search 1.5.2 - Unable to turn off plug-ins« 07:48 AM
- internetking created topic »password problem« 25. May
- mesteele101 responded to »ERR (3): E_USER_ERROR: Smarty error: [in pagesvar:pagesitem2en line XXX]…« 25. May
- mazdev responded to »Pages 2.5.0 and updating - Page not found« 25. May
- mesteele101 responded to »Zikula 1.3.3 - Selecting a category in Pages not working« 25. May
- mdee created topic »How to implement returnpage ?« 25. May
Zikula Blog
- Anatomy of Open Source Projects on Mar 07
- Continuous Review on Mar 01
- Not Invented Here on Feb 24
- How to Contribute Your Code at Github on Jan 13
- 10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
- Submitting Bug Report Tickets That Get Results on Aug 17
- Cozi Tricks #1: Syntax Highlighting on Aug 07
Login
pnForum
-
- Rank: Developer
- Registered: Feb 17, 2005
- Last visit: May 21, 2010
- Posts: 684
Posted: Feb 19, 2007 - 12:42 AM
-
**unknown user**
- Rank: Senior
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 2330
Posted: Feb 22, 2007 - 04:43 AM
This is expected behavior and part of the security of PostNuke. Your best bet is to explain to the client that this is security-related and necessary to ensure the security and integrity of the site.
If a logout occurs during a time when there is data being entered into another browser or tab, that data should be cut/pasted into a 'fresh' form, or it will not work.
It is HIGHLY not recommended to attempt altering this, especially in a forum or comments module, where spam bots are most likely to launch an attack.
It's easier to explain the implications to the client than it is to recover from malicious activity that may be inadvertently let in.
:) -
- Rank: Developer
- Registered: Feb 17, 2005
- Last visit: May 21, 2010
- Posts: 684
Posted: Feb 22, 2007 - 07:30 AM
Thanks for your comment alarconcepts. I was thinking along the same lines.
However quickly browsing over the code of pnForum it seemed to me that quite some low level stuff is being done in the pnForum module bypassing the standard API. That made (/makes) me curious ...
- Moderated by:
- Support
