SM16 impersonation & "remember me"
Problem reported by Robert Simpson - May 24, 2017 at 8:32 AM
Submitted
In SM16, if I log in as the site admin, and hit "remember me", then impersonate a user, randomly the next time I pop open the browser and navigate to the site, I'll be automatically logged in as that impersonated user and not the admin user.
I haven't been able to pin down exactly what combination of events has to occur, but it's happening frequently.
 

7 Replies

0
Derek Curtis Replied
Employee Post
Thanks for reporting this, Robert. We'll try and replicate here as well. 
Derek Curtis
COO
SmarterTools Inc.
(877) 357-6278
0
echoDreamz Replied
The "Remember me" feature does not seem to remember either. We have lots of reports (mainly Safari) that even with checking the remember me box, they are not remembered and still have to manually log in. It seems to be hit and miss.

Christopher

0
Robert Emmett Replied
Employee Post
Chris, are your users by chance clearing out their browser storage? We use browser local storage if the "Remember Me" is selected. If the browser cache is cleared, it would lose the stored credentials.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
echoDreamz Replied
Yes - First thing we tell them to do (though personally I am not seeing this issue with my local Chrome install on Windows 10, I have stayed logged in as system admin since we first installed v16 (when it released)).

Christopher

0
echoDreamz Replied
To clarify, we tell them to clear browser cache to see if this helps with the "remember me" function. I do see that SM 16 uses the session service out of the box which is great, it appears to be random. Some report they log in and within an hour or so they are logged out, others report the issue after leaving the machine idle overnight.

Christopher

0
Robert Simpson Replied
More information for you ...
 
I tested this several times, and when it did finally happen again, it was doing this:
 
Logged in (automatically logged me in with my admin account, as "remember me" was previously selected) and impersonated my own user mail account.

I left both tabs open.  Truthfully, I forgot about them and ran some errands.  Both tabs were open and idle for probably 2hrs before I got back to my desk.

I closed down the browser entirely and re-opened it.  When I navigated to the mail server, it automatically logged me in as my user account and not the admin account.

So there has to be a timeout or something happening where one session expires before the other, and on expiration, the user account is overwriting the remember me data.
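
A minimal model of the overwrite hypothesised in the post above, added here as an example; it is not SmarterMail code and not part of any post. It assumes the "remember me" record sits under a single local-storage key shared by all tabs (the key name, class names and account names are hypothetical), and contrasts a client that re-persists the tab's current identity on every session refresh with one that never persists an impersonated identity.

```javascript
// Model of the hypothesis only: not SmarterMail code. All names are hypothetical.
const REMEMBER_KEY = "rememberMe";

// Stand-in for window.localStorage, which every tab of one origin shares.
class FakeStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
}

// Naive client: each session refresh persists whatever identity the tab holds.
class NaiveTab {
  constructor(shared) { this.shared = shared; this.identity = null; }
  login(user, remember) { this.identity = user; if (remember) this.persist(); }
  impersonate(user) { this.identity = user; }
  onSessionRefresh() { this.persist(); }
  persist() { this.shared.setItem(REMEMBER_KEY, JSON.stringify({ user: this.identity })); }
}

// Scoped client: the record is written at the opt-in login; a refresh may renew
// it only for the principal that owns it, never from an impersonating tab.
class ScopedTab {
  constructor(shared) { this.shared = shared; this.identity = null; this.impersonating = false; }
  login(user, remember) {
    this.identity = user;
    this.impersonating = false;
    if (remember) this.shared.setItem(REMEMBER_KEY, JSON.stringify({ user }));
  }
  impersonate(user) { this.identity = user; this.impersonating = true; }
  onSessionRefresh() {
    if (this.impersonating) return; // impersonated identity stays per-tab
    const rec = JSON.parse(this.shared.getItem(REMEMBER_KEY) || "null");
    if (rec && rec.user === this.identity) this.shared.setItem(REMEMBER_KEY, JSON.stringify(rec));
  }
}

// Replays the reported sequence (constructed account names) and returns who the
// browser would auto-log in as after a restart.
function rememberedAfterIdle(TabClass) {
  const shared = new FakeStorage();
  const adminTab = new TabClass(shared);
  adminTab.login("admin", true);           // admin ticks "remember me"
  const userTab = new TabClass(shared);    // impersonation opens a second tab
  userTab.impersonate("user@example.test");
  adminTab.onSessionRefresh();             // both tabs sit idle; the
  userTab.onSessionRefresh();              // impersonated session renews last
  return JSON.parse(shared.getItem(REMEMBER_KEY)).user;
}
```

In this model the naive client ends up remembering the impersonated account, while the scoped client still remembers the admin who opted in.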
0
Derek Curtis Replied
Employee Post
Thanks for the additional info, Robert. We've added this to our list of things to test internally.
Derek Curtis
COO
SmarterTools Inc.
(877) 357-6278
