appdotnet / api-spec

App.net API Documentation is on the web at https://developers.app.net. Source for these docs is in the new-docs branch here. Please use the issue tracker and submit pull requests! Help us build the real-time social service where users and developers come first, not advertisers.

Can sign up while signed in #211

Closed tgvashworth closed 12 years ago

tgvashworth commented 12 years ago

Not sure this should be possible.

When this occurs, it causes a weird session or maybe caching issue where it looks like you're still logged into the account you were in before, not the newly signed up one, but when you post it comes from the new account.

berg commented 12 years ago

This could happen if you've got a tab open, open a new tab, sign up, and post in your old tab -- when you post it's just using your session's current cookies. Not sure we can fix this.

mattflaschen commented 12 years ago

You could render the username into a hidden field/data attribute. When you post, include the hidden field too. On the server, the post only succeeds if the form field and actual username (determined from session) match. Otherwise, the message is redisplayed in the input box.
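
The check suggested in the last comment, as an added example that is not part of the thread and not App.net's code: the form records which account it was rendered for, and the server refuses the post when the session has since switched accounts. The `Session` class, the `rendered_for` field name, the 409 status and the alice/bob accounts are assumptions made up for this sketch.

```python
import html
from dataclasses import dataclass


@dataclass
class Session:
    username: str  # account the browser's session cookie currently resolves to


def render_post_form(session, draft=""):
    """Render the compose form, embedding the account it was rendered for."""
    user = html.escape(session.username, quote=True)
    return (
        '<form method="post" action="/post">'
        f'<input type="hidden" name="rendered_for" value="{user}">'
        f'<textarea name="text">{html.escape(draft)}</textarea>'
        "</form>"
    )


def handle_post(session, form, timeline):
    """Accept the post only if the form was rendered for the session's account.

    The hidden field is a consistency check, not authentication: the author
    is always taken from the session, never from the submitted field.
    """
    text = form.get("text", "")
    if form.get("rendered_for") != session.username:
        # Stale tab: the cookie now belongs to another account. Nothing is
        # posted; the draft is redisplayed in a form bound to the current user.
        return 409, render_post_form(session, draft=text)
    timeline.append((session.username, text))
    return 200, render_post_form(session)


def stale_tab_scenario():
    """Constructed replay of the two-tab case described in the thread."""
    timeline = []
    cookies = {"sid": Session("alice")}            # tab 1 renders the form as alice
    tab1_form = {"rendered_for": "alice", "text": "hello <world>"}
    cookies["sid"] = Session("bob")                # tab 2 signs up; same cookie jar
    status, body = handle_post(cookies["sid"], tab1_form, timeline)
    return status, body, timeline


if __name__ == "__main__":
    print(stale_tab_scenario())
```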