julianlam / nodebb-plugin-session-sharing

Allows login sessions from your app to persist in NodeBB
MIT License
88 stars, 65 forks

Enabling "revalidate" for session-handling prevents direct navigation to user settings page #10

Closed jeffbski closed 5 years ago

jeffbski commented 8 years ago

It seems that turning on the "revalidate" session handling option in this plugin prevents users from being able to directly navigate to their settings page as if they had clicked on it from an email.

They get a 403 Access denied, with a message

You seem to have stumbled upon a page that you do not have access to.

This is true even if the user is currently logged in and has the appropriate cookie to get access. For instance, they can go directly to the user profile page and then navigate via the menu to this page; they just can't go directly there on a fresh page load.

If I change session-handling to "trust" then they can get there directly, but I would prefer to use revalidate if we can get this defect resolved.

I had previously posted this on the nodebb repo before we had discovered it was related to this plugin, so I will link to that and then close that one since it appears to be a problem with this plugin and specifically the revalidate option.

PS. This is an awesome plugin, it is working really well for me other than this issue.

jeffbski commented 8 years ago

https://github.com/NodeBB/NodeBB/issues/4120#issuecomment-178108173

julianlam commented 8 years ago

Hm, that's quite weird, but I can see how it would happen. Thanks for reporting :smile:

julianlam commented 8 years ago

Hi @jeffbski -- I can't reproduce on my latest version of the session sharing plugin, can you?

jeffbski commented 8 years ago

I'll upgrade and try it. Will post my results here.