Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
0 votes
735 views
in Q2A Core by
It seems that I'm logged into Bobby Johnson's account and I don't even mean to. My real username is painperdu.

This is a real problem!!
by
edited by
Now, I logged out of Bobby Johnson's account and into my own.

 

Developers do you see this?
by
I was logged into the demo account when it happened.

1 Answer

0 votes
by

Nice catch! This happened because I am running two Q2A installations (demo and this Q&A) on the same domain and the same server, without having a shared user base. The logged-in user ID stored server-side in the PHP session was shared between the two sites, via the session variable named qa_session_userid, even though the same user ID is for completely different users.

I will fix this for the next release, e.g. by including a hash of the database info in the name of the session variable. In the meantime, it's not a problem unless you are also running multiple Q2A sites on the same domain. In the meantime I've also made sure it can't happen on this site again by separating out the user ID ranges.

Again, thanks a lot for catching this!

by
I think there still is a problem. After being logged in here, I went to the demo site, where it said "Hello" and no username. I went to ask a question and got this error on submission:


Database query error 1452
Cannot add or update a child row: a foreign key constraint fails (`dbqademo/qa_posts`, CONSTRAINT `qa_posts_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `qa_users` (`userid`) ON DELETE SET NULL)

INSERT INTO qa_posts (categoryid, type, parentid, userid, cookieid, createip, title, content, format, tags, notify, created) VALUES (NULL, _utf8 'Q', NULL, _utf8 '82', NULL, INET_ATON(_utf8 '80.229.28.142'), _utf8 'Just checking if the slug contain\'s gap\'s where the apostrophe\'s are?', _utf8 'Test\'ing!', _utf8 '', _utf8 'asd', NULL, NOW())
by
Yes, this is the remnant of the original problem, since I made a quick fix to prevent the security issue. You can solve it by clicking 'Logout' in the top right. This will be fixed properly for the next release.
...