Interference between two simultaneously logged in users

admin

#1

I have the login plugin installed. Two users have logged in. Information about the other user is being accessed.

At first I thought that it was the ‘remember me’ option, so I turned it off. The problem persists.

I realise the information being given here is minimal, I can provide more, or send a zip with the whole site.

The two users are on different PCs, just accessing the site simultaneously.

There should be no reason for cross-over as they should be in different sessions.

Is there any possibility this vulnerability is due to the latest release?

I need help to isolate this problem as it is undesirable for one user to be affected by another

I am one plugin in particular one called persistent-data to store information about a user from session to session. This may be the cause of the problem. But the data should not be available unless the user has logged in. Since I wrote the plugin and I don’t know what’s happening, I can’t ask the developer :slight_smile:

Also, if it is this plug-in, then naturally I need to know how to fix it to prevent this security breach.

I think there may be some form of caching problem.