aC forum: Using multiple computers forces login everytime

Post #11 by Ilija Studen

Ilija Studen — Sat, 26 Dec 2009 05:33:57 CET

activeCollab 2.3 has changed authentication system so users are no longer logged out when they log in from a different computer or device. No hacks are needed.

Post #10 by darren

darren — Fri, 25 Dec 2009 14:54:17 CET

Protobit:
Thank you very much for that patch, HorsePunchKid.

It doesn't work for 2.1 out of the box, but I just edited the source manually, based on the information in the patch file.

P.S.: I too, would very much like to turn this feature off. I completely agree with openmotive, that the iPhone interface is practically useless, if you have to log in every time.

Protobit:

Could you post how you modified this code to work in 2.1 (and higher?) I am trying, and the system just hangs, now -- no page will load anymore! Thanks!!

Post #9 by mcd

mcd — Fri, 01 May 2009 12:39:50 CEST

@Stauer: you can run the whole AC stuff under https, thats no prob

@Horse: thanks, will try that

@AC: another vote. Im running around in the company with my iphone and everytime when i switch between the iphone and my workstation i have to relogin which is very anoying

Post #8 by Protobit

Protobit — Thu, 30 Apr 2009 15:47:53 CEST

Thank you very much for that patch, HorsePunchKid.

It doesn't work for 2.1 out of the box, but I just edited the source manually, based on the information in the patch file.

P.S.: I too, would very much like to turn this feature off. I completely agree with openmotive, that the iPhone interface is practically useless, if you have to log in every time.

Post #7 by openmotive

openmotive — Mon, 02 Feb 2009 22:22:48 CET

Wow. this worked like a charm! Thanks!

Post #6 by HorsePunchKid

HorsePunchKid — Mon, 02 Feb 2009 19:39:26 CET

It's fairly easy to disable this behavior, if you're sure you understand the security implications.

Post #5 by openmotive

openmotive — Fri, 30 Jan 2009 17:07:32 CET

Here's another vote for having an option to turn this off. Nothing is more frustrating than logging into something on the iPhone when all you need to do is check on a ticket or look up some contact information.

Lack of this ability is the only reason I very very very rarely use the iphone version. It's just too painful.

Post #4 by Presentia

Presentia — Wed, 14 Jan 2009 14:12:15 CET

I would also like to see that this behavior was changed a bit, at least so it would be configurable. All respect for having a tight security model, but this is not banking software, neither are most of our customers potential hackers, so to be honest I'm not that worried about session highjacking.

IMO it should be possible to turn off that feature, at least if you're running the site in https as noone between the computers can sniff the sessions then

Post #3 by [user deleted]

[user deleted] — Tue, 02 Dec 2008 18:01:02 CET

Would it be possible to enable some https instead then?

Don't get me wrong - i like that security has been addressed - i just find it really annoying because i use i somehow always manage to launch Active Collab from the wrong browser - and in addition the fact that when i go home and want to check i have to login in again..

/johan

Post #2 by Ilija Studen

Ilija Studen — Tue, 02 Dec 2008 17:51:26 CET

Hi Johan,

This behavior is by design and is implemented the way it is for security reasons (mainly because of session hijacking). It cannot be turned off.