I hope it’s just my installation, but I installed 2 InvoicePlane instances under /var/www/html/ using different directories, MySQL, users and passwords for different businesses.
My point is that if I’m logged into invoiceplane-a, I’m able to jump into invoiceplane-b with the same user.
Without knowing further technical details I assume one thing here:
The cookie placed by IP named ‘ci_session’ works, like all cookies, within the domain. So, if only the path after the TLD changes, the cookie can be read and therefore authentication information can be exchanged between the client and the script.
I suggest that using different usernames (or email addresses) may solve the problem, but perhaps may cause more, like having to log in every single time the other installation was opened once.
+1 @opsecisland yeah, of course, I’m on the same server and not using a domain name URL.
So if I understood, basically by using a domain name and/or specifying the domain in the cookie I could avoid this situation, but it’s fine for me because it’s only available on the LAN.
And in my case I mixed 2 non-best practices, such as:
IP resolution,
multihosting the same solution on the same IP.
I’m glad this issue will be fixed in a future release.
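The cookie scoping discussed in this thread, as an added example that is not part of the original posts or of InvoicePlane's code: it applies the RFC 6265 host and path matching rules to show which requests carry a session cookie. The host address, the directory URLs, the assumption that `ci_session` is set with `Path=/`, and the `ip_a_session` / `ip_b_session` names are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: does a cookie's Path cover the request path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match only counts on a "/" boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Host-only cookie (no Domain attribute): the host must be identical.
function cookieIsSent(cookie, url) {
  const u = new URL(url);
  return u.hostname === cookie.host && pathMatch(u.pathname, cookie.path);
}

// Names of the cookies a browser would attach to a request for `url`.
function cookiesFor(jar, url) {
  return jar.filter((c) => cookieIsSent(c, url)).map((c) => c.name);
}

// Constructed sample data: placeholder address and directory names.
const HOST = "192.0.2.10";
const URL_A = `http://${HOST}/invoiceplane-a/index.php/dashboard`;
const URL_B = `http://${HOST}/invoiceplane-b/index.php/dashboard`;

// Assumed current state: both installs use the name ci_session with Path=/,
// so the browser holds one cookie and sends it to both directories.
const sharedJar = [{ name: "ci_session", host: HOST, path: "/" }];

// Scoped state (hypothetical names): one cookie name and path per install.
const scopedJar = [
  { name: "ip_a_session", host: HOST, path: "/invoiceplane-a/" },
  { name: "ip_b_session", host: HOST, path: "/invoiceplane-b/" },
];

function demo() {
  return {
    sharedA: cookiesFor(sharedJar, URL_A),
    sharedB: cookiesFor(sharedJar, URL_B),
    scopedA: cookiesFor(scopedJar, URL_A),
    scopedB: cookiesFor(scopedJar, URL_B),
  };
}

console.log(demo());
```

In CodeIgniter, the cookie name and path are set through `sess_cookie_name` and `cookie_path` in `config.php`; whether a given InvoicePlane release exposes them the same way is an assumption to check against its configuration files.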