vtiger The Honest Open Source CRM

ftc
Joined: 26 Apr 2006
Posts: 24
Location: Perth, Australia
Posted: Wed Apr 26, 2006 5:14 am    Post subject: login security

Hi there... just exploring the wonders of vtiger installed at my site. Well, by pure ignorance, I have found out that by closing the application with the window's X instead of the proper "Logout", the next user using the vtiger system bypasses the login screen and goes straight to the main menu (with all the information left by the previous user). Any idea? Or is it just the bad habit of not logging out properly?
|
johnwong
Guest
Posted: Fri Apr 28, 2006 12:13 am    Post subject: login security

Try using .htaccess.
You will need to secure your system. This should not be happening.
|
kenlyle
Guest
Joined: 16 Apr 2006
Posts: 108
Posted: Fri May 05, 2006 6:31 pm    Post subject: Re: login security

I just verified this issue in 4.2.4rC2.
I close the tab in Firefox, then open a new tab, enter the vTiger URL, and I get right in without having to authorize.
Probably, there is a cookie that is living too long. This seems like a serious issue in any environment that cares at all about data security. Even if the users are legitimate employees, sometimes they are not supposed to see each others' data.
I found that if I delete both the ck_login_id associated with the vtiger directory and the PHPSESSID associated with /, then the login requires me to authenticate.
Hopefully, one of the devs can jump in with a quick fix.
K
|
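The two cookies kenlyle names are the whole story of why the login survives a closed tab. Closing a tab (or the browser) tells the server nothing: the session record behind `PHPSESSID` stays valid until the server destroys it or times it out, and any cookie set with an expiry in the future, which is what a long-lived `ck_login_id` would be, is handed straight back when the next person opens the site. Deleting the cookies on the client only hides the session; a copy of the ID would still work against the server. The fix therefore has to live server-side. The following is an added example written for this thread, not vtiger's own code: it issues browser-session cookies with no expiry, enforces an idle timeout, and on logout destroys the server-side session and expires both cookies. `IDLE_TIMEOUT`, `LOGIN_COOKIE_PATH`, `LOGIN_PAGE` and the function names are assumptions; the cookie names come from the post above. It uses the PHP 7.3+ array form of `setcookie()`.

```php
<?php
// Added example, not vtiger code. Shows the server-side pieces that make a
// login actually end: cookies scoped to the browser session, an idle timeout,
// and a logout that destroys state on the server rather than only on the client.
// PHPSESSID (PHP's session cookie) and ck_login_id are the names from the thread;
// the constants and function names below are assumptions for illustration.

const IDLE_TIMEOUT      = 30 * 60;     // seconds of inactivity before forced re-login (assumed)
const LOGIN_COOKIE_PATH = '/vtiger/';  // assumed install path; must match the real deployment
const LOGIN_PAGE        = '/index.php'; // assumed login entry point

// Cookie attributes shared by the session cookie and ck_login_id.
// lifetime/expires 0 => browser-session cookie, meant to vanish when the browser exits.
// httponly keeps script away from it; secure restricts it to HTTPS.
function session_cookie_options(int $expires = 0): array {
    return [
        'expires'  => $expires,
        'path'     => LOGIN_COOKIE_PATH,
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started on this request
    }
    // Browsers with "restore previous session" may keep session cookies across
    // a restart, so the server-side idle timeout in require_login() still matters.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => LOGIN_COOKIE_PATH,
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login_user(int $userId): void {
    start_secure_session();
    session_regenerate_id(true);                 // never keep a pre-login session ID
    $_SESSION['user_id']       = $userId;
    $_SESSION['last_activity'] = time();
    // A far-future expiry here is exactly how a login outlives the window that
    // created it; 0 ties the cookie to the browser session instead.
    setcookie('ck_login_id', (string) $userId, session_cookie_options(0));
}

function logout_user(): void {
    start_secure_session();
    $_SESSION = [];
    // Expire both cookies on the client. The path must match the one they were
    // set with, or the browser treats this as a different cookie and keeps the old one.
    setcookie(session_name(), '', session_cookie_options(time() - 3600));
    setcookie('ck_login_id', '', session_cookie_options(time() - 3600));
    // Destroy the server-side record. After this a replayed PHPSESSID is just an
    // unknown ID, which is what clearing cookies on the client alone cannot achieve.
    session_destroy();
}

// Call at the top of every protected page. Returns the user ID or redirects to login.
function require_login(): int {
    start_secure_session();
    $idle = time() - (int) ($_SESSION['last_activity'] ?? 0);
    if (empty($_SESSION['user_id']) || $idle > IDLE_TIMEOUT) {
        // Covers "closed the window and walked away": the next visitor is sent
        // to the login page even though the browser still holds the cookies.
        logout_user();
        header('Location: ' . LOGIN_PAGE);
        exit;
    }
    $_SESSION['last_activity'] = time();
    return (int) $_SESSION['user_id'];
}
```

To check a deployment against this, log in, copy the `PHPSESSID` and `ck_login_id` values from the browser, log out with the application's Logout link, and replay a request with the copied cookies: a correct logout returns the login page, because the server-side session is gone regardless of what the client still holds. The same replay after only closing the tab shows the symptom in the thread, which no client-side change fixes on its own.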