Apigee Developer Portal Kickstart 9.5.11 version allows concurrent user login - Session management not working

[mnimakwala]

Description

User from one machine with its credentials is able to login to another machine

Apigee Info

We are using Apigee OPDK version 4.52.00.

Steps to Reproduce

Steps to reproduce the behavior:

1. Go to 'Drupal web site'
2. Enter 'User id and password'
3. Click on Login buttong
4. User will be login to Drupal
5. Go to another machine and login to 'Drupal website'
6. User will be able to login to Drupal

Actual Behavior

User should be asked that you have already login to one machine. Your session is active on machine 1. Do you want to continue or disconnect previous session.

Expected Behavior

Application to ask for prompt saying 'Your session is active. Do you want to continue or discontinue session'.

Screenshots

NA

Notes

This is vulnerable as session management is not properly maintained in this version.

Version Info

Apigee Developer Portal Kickstart version - 9.5.11
Apigee version - 4.52.00

[kedarkhaire]

Hi @mnimakwala

Thanks for bringing this to our eyes, we will have a internal dicussion on it and will update here.

[kedarkhaire]

Hi @mnimakwala

To be very clear, this issue occurs on all Drupal versions, I checked.
I will address this issue on our next to next release, I have added in our queue, but many things are in process, so it will take some time.

In the mean time, if you are having solution for this issue, we are open for your contribution on this.

Thanks!