Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Some really weird things have been happening around my community lately (running Vanilla 0.9.2). A few days ago, one of my members tried to log in but noticed that he was already logged in... under another user's account (these two users don't even know each other). He had not tried to log in under another account, nor had this happened to any other user (including me). Here's the really freaky part... When he found that he was logged in under another user, he had Master Administrative privileges. Neither of those accounts are Master Administrators! I've examined my databases and permissions, but can't find anything that would allow that kind of security problem. Another strange problem is that some users have to log in twice to view discussions, but others only have to log in once. I know this sounds unbelievable, but I'm not making it up. I have screenshots from a few users to prove it. Any suggestions?
This discussion has been closed.