You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With Decidim 0.26.2, if someone logs in without registering (using this module) and then clicks the logout link in the top bar, the session is apparently logged out. Instead, the next login of the user (administrator user, for example) causes an unexpected and inadvertent transfer of the previous unregistered user to this other account. Note that if this second user session were an admin user, the new associated user would no longer be an admin user.
To Reproduce
Steps to reproduce the behaviour:
Configure any component that requires to be verified to perform some action (comment, vote, ...)
Sign out
Go to the home page of the newly configured component and try to perform the restricted action
You will be prompted to login or verify without user account, choose "verify without user account"
Complete the data required by the census 'Number of VAT, etc'
Now you are logged in as a new user session, you can perform any action. Then sign out.
Within a few minutes, if you try to log in with the credentials of another pre-existing user (administrator user, for example), even in a new browser session, their account will be logged in with the previous "verified but not registered user" and will be will automatically transfer to it.
Expected behavior
When the verified unregistered user clicks log out, they should be logged out with no possibility of any other user accessing it, neither accidentally transferring their account to this user.
The text was updated successfully, but these errors were encountered:
Describe the bug
With Decidim 0.26.2, if someone logs in without registering (using this module) and then clicks the logout link in the top bar, the session is apparently logged out. Instead, the next login of the user (administrator user, for example) causes an unexpected and inadvertent transfer of the previous unregistered user to this other account. Note that if this second user session were an admin user, the new associated user would no longer be an admin user.
To Reproduce
Steps to reproduce the behaviour:
Expected behavior
When the verified unregistered user clicks log out, they should be logged out with no possibility of any other user accessing it, neither accidentally transferring their account to this user.
The text was updated successfully, but these errors were encountered: