Hi!
If several forums, say forum A and forum B, are installed on the same webspace and two (different) users choose the same nickname (one in forum A, the other in forum B), then either of these users may log into "his" forum with his password and go to the other forum without logging out - with the effect, that he is logged into the other guy's account 
Best, Daniel
by Auge 
, Sunday, September 12, 2010, 01:03 (4974 days ago) @ daniel
Hello
If several forums, say forum A and forum B, are installed on the same webspace and two (different) users choose the same nickname (one in forum A, the other in forum B), then either of these users may log into "his" forum with his password and go to the other forum without logging out - with the effect, that he is logged into the other guy's account
That's truly a bug. It seems to be caused by the name settings of the cookies (mlf2_*) wich are the same in both forums by default and the PHPSESSID. If you – as the user of forum A – are logged in there, you initialise a session for your nickname. These data (including your nickname) are stored at the server, identified with PHPSESSID. If you change now to the other forum (B), the session is still present (with your nickname of forum A). Forum B will read your cookies (it reads the same cookie names), will find your session and will log in the wrong user.
Possible solution with two independent installations: make the cookie names dependant i.e. from the database table prefixes (wich must be different if only one database is used and should be different with different databases).
Possible solution with partially independant installations: use the same user table in both/all forums. Therefore the table must be upgraded with a field for the forum ID of the registration or it has to be supplemented by a new table if one user is registered for more than one forum on the same server.
In both cases this is future stuff (not yet implemented).
Tschö, Auge
--
Trenne niemals Müll, denn er hat nur eine Silbe!
I'm using different db prefixes and have this problem. Has any tried to fix this?
mlf is my favorite forum app and I really want to use it to host separate forums on one webspace, but this is a deal breaker. :(
I'd try to fix it myself, but I'm afraid it's beyond my expertise.
by Auge , Monday, August 05, 2013, 13:19 (3916 days ago) @ Peter
Hello
If you want to install different forums with different settings and user accounts this is the way.
I'm using different db prefixes and have this problem. ...
Step one done.
Step two: Search in the forum settings for the key session_prefix. Every single installation needs to have different session prefixes. Forum name and address should naturally be different form installation to installation. So you will avoid interferences of the different installations.
These are the settings that should be reviewed.
Tschö, Auge
--
Trenne niemals Müll, denn er hat nur eine Silbe!