Hello,
after upgrade to 5.0, we have discovered a strange problem with login to Sunstone. Steps to (more-or-less) reproduce:
- log in as
oneadmin
- use the Sunstone interface for a while
- sign out (this should lead to the login form)
- without closing a browser tab or window, use this form to log in as a different user
- use the Sunstone interface for a while
The observed behaviour (by two different users with two different browsers on two different workstations) is that occasionally the browser is redirected to https://my.sunstone.addresss/login
instead of doing the desired action. This displays a blank page. Deleting the /login
part from the URL and manually loading the root URL (https://my.sunstone.address/
) gives a Sunstone session logged in as oneadmin
without the need for entering the password.
So I guess there is something in the Sunstone javascript which persists across the signin out and then logging in as an ordinary user.
That said, the “impersonate user” functionality for oneadmin
would be a heplful addition to Sunstone.
Can you look at it? Thanks!