Initially I thought this was a security hole on the Session Details page before I twigged that the URLs were different (the direct URL to a session included the www., whereas my typed URLs did not). If I go to http://dddeastanglia.com/, I am not logged in; if I go to http://www.dddeastanglia.com/Session/Details/3136, I am logged in as me and can do everything I can do when I am logged in, such as viewing the admin area, editing my profile, and navigating around the site while remaining logged in.
Perhaps the easiest fix for this is to redirect every, via IIS config or within the app, to one or other of the hostnames so it is always the same.
Does any of that make sense? 😄
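
The IIS-config variant of the redirect suggested in the issue, as an added example that is not part of the original report or the project's own configuration. It assumes the IIS URL Rewrite module is installed, picks the `www.` hostname as the canonical one (the issue leaves that choice open), and uses a made-up rule name.

```xml
<!-- web.config fragment (added example; requires the IIS URL Rewrite module) -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name is hypothetical. Any request whose Host header is not
             the canonical hostname gets a permanent redirect to it, so the
             login session is only ever established under one hostname. -->
        <rule name="CanonicalHostName" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}"
                 pattern="^www\.dddeastanglia\.com$"
                 negate="true" />
          </conditions>
          <!-- {R:1} is the requested path; the query string is appended
               by default. -->
          <action type="Redirect"
                  url="http://www.dddeastanglia.com/{R:1}"
                  redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

After deploying, a request to `http://dddeastanglia.com/Session/Details/3136` should return a 301 with a `Location` header on the `www.` host, and the logged-in state should be identical whichever hostname was typed.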