Bug: $doRememberRemoteUser = "1" in lib/TWiki.cfg

does not work properly. If use this Option with restricted view and 2 different users on the same host use the twiki, the second (not authenticaed) one the same twiki identity for views as the first. So view restrictions will be broken.

Because we need read/view restricted Topics/Webs and want to have open view too, I've now installed SessionPlugin and set $doRememberRemoteUser = "0" again.

Test case

Environment

TWiki version:	Feb 2003
TWiki plugins:
Server OS:	Redhat 7.3
Web server:	apache
Perl version:
Client OS:
Web Browser:

-- GuentherFischer - 25 Apr 2003

Follow up

This is a known limitation of the $doRememberRemoteUser flag, it does fails if more then one user accesses TWiki on the same workstation; or if the IP address changes (DHCP lease expire); or if users are accessing a public TWiki through a firewall that maps all internal users to the same IP address.

Fix record

No fix, use one of the session plugins if needed.

-- PeterThoeny - 27 Apr 2003

you know Peter - i'd call this a known liltation of the current implementation of the $doRememberRemoteUser flag, and would leave the bug open - with a request for someone to think of a better implementation (not that we can think of one..)

-- SvenDowideit - 01 Jan 2004