Back to Community Threads
3
SM16 impersonation & "remember me"
Problem reported by Robert Simpson - 5/24/2017 at 8:32 AM
Submitted
In SM16, if I log in as the site admin, and hit "remember me", then impersonate a user, randomly the next time I pop open the browser and navigate to the site, I'll be automatically logged in as that impersonated user and not the admin user.
I haven't been able to pin down exactly what combination of events has to occur, but it's happening frequently.
 

7 Replies

Reply to Thread
0
Derek Curtis Replied
5/24/2017 at 4:52 PM
Employee Post
Thanks for reporting this, Robert. We'll try and replicate here as well. 
Derek Curtis COO SmarterTools Inc. www.smartertools.com
0
echoDreamz Replied
5/25/2017 at 8:51 AM
The "Remember me" feature does not seem to remember either. We have lots of reports (mainly Safari) that even with checking the remember me box, they are not remembered and still have to manually login. It seems to be hit an miss.
0
Employee Replied
5/25/2017 at 9:22 AM
Employee Post
Chris, are you're users by chance clearing out their browser storage? We use browser local storage it the "Remember Me" is selected. If the browser cache is cleared, it would lose the stored credentials.
0
echoDreamz Replied
5/25/2017 at 9:58 AM
Yes - First thing we tell them to do (though personally I am not seeing this issue with my local Chrome install on Windows 10, I have stayed logged in as system admin since we first installed v16 (when it released)).
0
echoDreamz Replied
5/25/2017 at 9:59 AM
To clarify, we tell them to clear browser cache to see if this helps with the "remember me" function. I do see that SM 16 uses the session service out of the box which is great, it appears to be random. Some report they login and within an hour or so they are logged out, others report the issue after leaving the machine idle overnight.
0
Robert Simpson Replied
5/25/2017 at 3:13 PM
More information for you ...
 
I tested this several times, and when it did finally happen again, it was doing this:
 
Logged in (automatically logged me in with my admin account, as "remember me" was previously selected) and impersonated my own user mail account.

I left both tabs open.  Truthfully, I forgot about them and ran some errands.  Both tabs were open and idle for probably 2hrs before I got back to my desk.

I closed down the browser entirely and re-opened it.  When I navigated to the mail server, it automatically logged me in as my user account and not the admin account.

So there has to be a timeout or something happening where one session expires before the other, and on expiration, the user account is overwriting the remember me data.
0
Derek Curtis Replied
5/26/2017 at 11:05 AM
Employee Post
Thanks for the additional info, Robert. We've added this to our list of things to test internally.
Derek Curtis COO SmarterTools Inc. www.smartertools.com
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Attaching SmarterMail 16.x and Older Domains to New BuildsSmarterMail > Domain/User Configuration and Management
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Random or Semi-Regular Webmail LogoutsSmarterMail > Troubleshooting
Move a Domain from one SmarterMail Server to AnotherSmarterMail > Installation and Configuration