On an upside, if I try to click on the “Promoted to Front Post #1083224” link, the WP-admin tells me “Sorry, you are not allowed to edit this item.”, so it looks like I can’t get away with any hijinks
do me a favor, do not log out or refresh any caches on your end. I’ve refreshed the cache on the server side and I’m curious if you’re logged into the correct account when you visit this page that has the img subdomain.
Is this what it feels like to have Dissociative identity disorder? Or is more of Weird Al’s “I think I’m a clone now; there’s always two of me just a hanging around”?
Could NoScript be breaking your well laid out plans? Granted, on the client side I shouldn’t be able to be Tiki if the server wasn’t sending me the credentials.
this is all stored on the server side with salted cookie hashes and all sorts of stuff that should prevent this completely, but somehow you’re being able to get a cookie that says you’re user #1 and my server is believing you even though there’s no reason that I’m aware of that you’d have the hash.
I’ve cleared one more cache, how’s it looking on your side now?
Still more of the same
on img.myconfinedspace.com, I’m Tiki. On www.myconfinedspace.com, I’m me. And on news.myconfinedspace.com, I’m nobody (Sign in). Signing in on news sent me to news.myconfinedspace.com/wp-login.php with my credentials showing up on auto fill, to then log in just fine. Going back to a news page after refreshing, it has the log out button, but I didn’t see anything that I was logged as any particular user (seen screen snip).
on other img pages, I’m also Tiki.
For your cookie problem, I found some historical documents to help you.
ok, I’ve tracked down yet another caching system for cookies, this one looks much more promising in how it’s going to change what you’re seeing. maybe now you’re not me?
Went to a img tab that I had open, it had no user signed in. Logged in from that one, and the sign in worked as expected. Back to that img tab and it refreshed as me. I came back to this one for Crawford, and refreshed, and now shows signed in as me.
Hopefully you’ve found the leak.
I was gonna recommend you just rename user #1 to Spartacus and just make sure whoever had it that day couldn’t damage anything.
I did nail it down, it’s a thing I’m using to make it so once you log in it refreshes the cookie with the timer to invalidation, WP’s default is to just require everyone to log in every 2 weeks which seems excessive, but I’d rather that than have 20 people be me
If this works like I think it will, it looks like my turn to post as if I was Tiki.
Page welcomes me as if I was Tiki
But www.myconfinedspace.com/page/3/
welcomes me by my actual Nom de Guerre, FullofStars
On an upside, if I try to click on the “Promoted to Front Post #1083224” link, the WP-admin tells me “Sorry, you are not allowed to edit this item.”, so it looks like I can’t get away with any hijinks
do me a favor, do not log out or refresh any caches on your end. I’ve refreshed the cache on the server side and I’m curious if you’re logged into the correct account when you visit this page that has the img subdomain.
Still you, uhm, me.
Is this what it feels like to have Dissociative identity disorder? Or is more of Weird Al’s “I think I’m a clone now; there’s always two of me just a hanging around”?
Could NoScript be breaking your well laid out plans? Granted, on the client side I shouldn’t be able to be Tiki if the server wasn’t sending me the credentials.
(FullofStars, but not FullofShit)
this is all stored on the server side with salted cookie hashes and all sorts of stuff that should prevent this completely, but somehow you’re being able to get a cookie that says you’re user #1 and my server is believing you even though there’s no reason that I’m aware of that you’d have the hash.
I’ve cleared one more cache, how’s it looking on your side now?
Still more of the same
on img.myconfinedspace.com, I’m Tiki. On www.myconfinedspace.com, I’m me. And on news.myconfinedspace.com, I’m nobody (Sign in). Signing in on news sent me to news.myconfinedspace.com/wp-login.php with my credentials showing up on auto fill, to then log in just fine. Going back to a news page after refreshing, it has the log out button, but I didn’t see anything that I was logged as any particular user (seen screen snip).
on other img pages, I’m also Tiki.
For your cookie problem, I found some historical documents to help you.
ok, I’ve tracked down yet another caching system for cookies, this one looks much more promising in how it’s going to change what you’re seeing. maybe now you’re not me?
I’m not you, you are you, I am me.
Went to a img tab that I had open, it had no user signed in. Logged in from that one, and the sign in worked as expected. Back to that img tab and it refreshed as me. I came back to this one for Crawford, and refreshed, and now shows signed in as me.
Hopefully you’ve found the leak.
I was gonna recommend you just rename user #1 to Spartacus and just make sure whoever had it that day couldn’t damage anything.
I did nail it down, it’s a thing I’m using to make it so once you log in it refreshes the cookie with the timer to invalidation, WP’s default is to just require everyone to log in every 2 weeks which seems excessive, but I’d rather that than have 20 people be me
“NO WIRE HANGERS!!”
I was going to post this originally, but then I had that short personality disorder.
You were so much prettier when you were wearing my face