User is able to access admin user tickets module using the URL of a Admin user
Moderator: crythias
User is able to access admin user tickets module using the URL of a Admin user
I have taken two different browser and logged in as a user and Admin Respectively , but when I have taken URL of Admin and put into the User Browser that all the rights of admin get user
Re: User is able to access admin user tickets module using the URL of a Admin user
to reproduce it
1.Login with valid user credentials - User-B (User have a Admin role) .
2. Click on App link , now click on “Ticketing System” link , move mouse over click on "Ticket" tab & click on "Search" link.
3. Now copy the complete URL & paste this URL in another Browser, where User-A already login with User Roles.
4. Observe .
1.Login with valid user credentials - User-B (User have a Admin role) .
2. Click on App link , now click on “Ticketing System” link , move mouse over click on "Ticket" tab & click on "Search" link.
3. Now copy the complete URL & paste this URL in another Browser, where User-A already login with User Roles.
4. Observe .
Re: User is able to access admin user tickets module using the URL of a Admin user
I don't know what
But I guess that you copied some session ID in the URL
links you are reffering to.. Click on App link , now click on “Ticketing System” link
But I guess that you copied some session ID in the URL
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: User is able to access admin user tickets module using the URL of a Admin user
:http://10.10.1.80/otrs/customer.plActio ... DMuaoVUWbV
this is the url
and how i can hide the session id
this is the url
and how i can hide the session id
Re: User is able to access admin user tickets module using the URL of a Admin user
This is a customer session, not an agent session. The session URL typically only shows up if freshly created or no cookies are allowed. Please ensure that you are also using latest vrsion of OTRS
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: User is able to access admin user tickets module using the URL of a Admin user
we are using version 3.3.6
Re: User is able to access admin user tickets module using the URL of a Admin user
This is the url of user with admin role
Re: User is able to access admin user tickets module using the URL of a Admin user
hi Jojo,
Please help me ....
Please help me ....
-
- Moderator
- Posts: 10169
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: User is able to access admin user tickets module using the URL of a Admin user
go to 3.3.latest and then report back.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Re: User is able to access admin user tickets module using the URL of a Admin user
hi,
i noticed the same behaviour with the latest versione (5.0.19) too. Copy paste admin session from chrome to firefox and see the same session.....
i noticed the same behaviour with the latest versione (5.0.19) too. Copy paste admin session from chrome to firefox and see the same session.....
-
- Znuny guru
- Posts: 2210
- Joined: 13 Mar 2014, 09:16
- Znuny Version: 6.0.14
- Real Name: Rolf Straub
Re: User is able to access admin user tickets module using the URL of a Admin user
Well yes, but that's intended ?
The Session in the URL is a fallback if the cookie cannot be read/set properly. If you then copy the session to a new window/browser you of course keep the session.
What would you guys expect?
The Session in the URL is a fallback if the cookie cannot be read/set properly. If you then copy the session to a new window/browser you of course keep the session.
What would you guys expect?
Currently using: OTRS 6.0.14 -- MariaDB -- Ubuntu 16 LTS