Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Proxy connect does not distinguish using emails or UniqueID

edited November 2010 in Vanilla 2.0 - 2.8
Hi,

I'm using 2.0.14 and the current Proxy connect. Manual install. My website is responding to the Vanilla SSO request with

UniqueID=1
Name=Larry K
Email=xx@mailaddress.com

It all works great. Vanilla auto-magically created the Larry K user.

Then, as a test, I logged out, then logged in as a different user on My website with the same first name, last initial. The SSO response to Vanilla is now

UniqueID=2
Name=Larry K
Email=yy@mailaddress.com

But now I'm logged in to Vanilla as the first user! It seems to be focusing on the Name field, not the UniqueID or email field to determine if the person is new or not.

Is this behavior as designed? Can two people share the same "Name" in Vanilla but have different emails (and be two different logins to Vanilla)?

Thanks.

Comments

Sign In or Register to comment.