Did you know that if you paste a link to a friend and you are logged in at the time when they click the link,they log in under your ID. This happened earlier tonight...And, has happened before.
So I tried something...I logged out,then typed search by artist on their name, but before I even typed their name I was logged into thier ID ...(while they were logged into their name).This was all simutaenously done.
So wierd???

Yes. Always be VERY careful when you copy paste links. NEVER include in a link your ID info. (anything that looks like this at the end of a Renderosity URL); &Form.sess_id=4452288&Form.sess_key=218477351 Or, you can end up doing exactly what you described. And, I know its a pain, but you should ALWAYS log out/log in, not just close the browser window. AgentSmith

I know that now,and I do get lazy about just shutting the browser off. No more though.

One small good thing, if anyone were to accomplish this, they could usually only load up a handful of pages before it wouldn't work anymore. AS

But really it's not like there is any big secrets here .So can't worry about it.Anything on the internet is avail to the public .Just a matter of how bad one wants something. Locks are only for the innocent.

I pasted a link to a DAZ item to a friend while chatting on AIM last week - she used that link to look at the item, then added it to her cart - or so she thought. Turns out she'd added it to MY cart!!

........or I suppose you could mess with someone's gallery? Post nudey pics or whatever.

...delete everything...

... get them banned ... Scary.

Quote: I pasted a link to a DAZ item to a friend while chatting on AIM last week - she used that link to look at the item, then added it to her cart - or so she thought. Turns out she'd added it to MY cart!! Did'nt she notice that the page layout colors were different? Unless her Renderosity setup is the same as yours. LOL That's how we figured it out right away.

okay, this is a security hole the size of texas. i had no idea about it. and i'm sorry, but it's horrible... sessionkeys should be cookie-based, not user-based... i'm shocked. drac

dBgrafix : It was a DAZ link, not Renderosity, although probably wouldn't notice here either - I just leave the default page setup ;-)

Echo Drac. Within the current legal climate there are certain liability and regulatory issues. California Civil Codes 1798.29 and 1798.82 jump to mind. (also collectively referred to as SB1386) These apply irrespective of where the information and business is actually homed - and apply to entities doing business with CA based merchants or residents. Thank a poor security implementation A Guess for that...

I didn't know that happened. That is really awful. I don't usually post links to my gallery since it is almost non-existent, but still. I realize people can get into stuff if they really tried, but it shouldn't be this easy.

...So I could pretend to be...er....Drac....for example? HEHEHEH!