Open
Bug 240904
Opened 20 years ago
Updated 2 years ago
When logged in twice to the same installation, it is possible to submit a page as the wrong user, accidentally
Categories
(Bugzilla :: Bugzilla-General, defect, P4)
Tracking
()
NEW
People
(Reporter: timeless, Unassigned)
Details
I'm not sure if i consider this a bug or a feature. accout pref pages don't send the name of the account whose prefs are being saved. steps to reproduce: 1. create 2 or more accounts at your favorite bugzilla installation (might i suggest landfill?) 2. login as user 1. 3. go to preferences and change who you're watching (don't submit) 4. open a new window and go back to your favorite bugzilla installation 5. do a search and realize you need to be logged in as user 2. 6. logout 7. click "Log in" in the footer (don't rely on the silly log in again item, it's confusing and should go away) 8. do your search 9. go get some coffee 10. go back to the first window and finish your change 11. click submit (don't do this on something other than landfill unless you've backed up your settings) actual results: this means that if i change auth credentials in one window and submit a pref change in another window, i've instantly hosed one set of prefs and imported another set. expected results: a warning if my account name or user id don't match the current credentials. include a bookmarkable link to restore credentials (such a link should not include a user id/name, clicking it should result in the same warning) to their current settings. bonus points for including a bookmarkable link to the new settings (again, don't include the user id/name).
Comment 1•20 years ago
|
||
We could always include the userid as a hidden field in the form, and if it doesn't match the cookie, then complain.
Updated•19 years ago
|
QA Contact: mattyt-bugzilla → default-qa
Comment 3•19 years ago
|
||
I say confirm, with two modifications. This problem can happen anywhere, such as when editing bugs. Also, I'd suggest throwing an error, along the lines of "the page you submitted was sent to user ***, but you are currently logged in as ***."
Comment 4•19 years ago
|
||
Yeah, we should just warn the user somehow. It's not a common-enough scenario to create a whole complex feature around.
Assignee: myk → general
Severity: normal → minor
Status: UNCONFIRMED → NEW
Component: Bug Import/Export & Moving → Bugzilla-General
Ever confirmed: true
OS: Windows 2000 → All
Priority: -- → P4
Hardware: PC → All
Summary: pref panels should include enough info to warn users if they're bleeding account info → When logged in twice to the same installation, it is possible to submit a page as the wrong user, accidentally
You need to log in
before you can comment on or make changes to this bug.
Description
•