Jonathan_Bathrough
Member
- Affected version
- 2.3.6
Hello,
I am logging into my site through the login section ("login" Template, pub/App.php) as a regular user named Average Joe, who has no moderator or administrator permissions.
In another browser tab, I log into the Admin Control Panel (Admin CP) using the Administrator account ("login_form" Template, admin/App.php), which has owner permissions for the entire site.
Then, when I log out the Average Joe user from the site, the system unexpectedly logs out the Administrator user from the Admin CP as well. These two users should be completely separated and operate in different environments (pub and admin) with separate App.php instances.
Why does logging out a regular user from pub/App.php automatically log out the superuser from admin/App.php?
Because of this bug, I cannot conveniently debug or customize the login Template for pub/App.php, since I am constantly logged out of the Admin CP.
This issue seems to involve session handling and separation between the public and admin applications. Any guidance or fixes would be appreciated.
This bug may cause seciruty issues.
Thank you.
I am logging into my site through the login section ("login" Template, pub/App.php) as a regular user named Average Joe, who has no moderator or administrator permissions.
In another browser tab, I log into the Admin Control Panel (Admin CP) using the Administrator account ("login_form" Template, admin/App.php), which has owner permissions for the entire site.
Then, when I log out the Average Joe user from the site, the system unexpectedly logs out the Administrator user from the Admin CP as well. These two users should be completely separated and operate in different environments (pub and admin) with separate App.php instances.
Why does logging out a regular user from pub/App.php automatically log out the superuser from admin/App.php?
Because of this bug, I cannot conveniently debug or customize the login Template for pub/App.php, since I am constantly logged out of the Admin CP.
This issue seems to involve session handling and separation between the public and admin applications. Any guidance or fixes would be appreciated.
This bug may cause seciruty issues.
Thank you.
Last edited: