Support

Admin Tools

#30072 Forbid frontend Super Administrator login - now working

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Sunday, 09 September 2018 17:17 CDT

jjst135
Hi!

We have this option set to 'YES':

Forbid frontend Super Administrator login

But when we are logged in in the backend as super admin and we go to the frontend of the sit we are logged in as super user. Even without login in. It seems like the backend and frontend logins (sessions) are shared?

Should this happen? I believe this is new behavior for our sites. I have not seen this happen before. Not sure what changes (updates) might have caused this...

Any thoughts?

tampe125
Akeeba Staff
Hello,

can you please take a look at your Joomla Global Configuration, option Shared Sessions?
What you're describing it's the exact behavior of this option being turned on.

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

jjst135
Yes, the shared sessions was enabled. After disabling it the frontend did not auto-login anymore.

I am not sure if I want this to be enabled or not ;-) On most sites we are the only admin user. But some have content managers that login to the backend. For them it would be OK to share the session maybe... I'll have to think about this.

Maybe there is a way to let AdminTools set an option to disable shared sessions for super admin users? Not sure if that would make the CMS safer, but it would benefit our workfow maybe ;-)

Not a big deal. Just wondering. Since we have disabled frontend login voor super admins in AdminTools it would be logical to also not allow the shared session for these users?





jjst135
Are shared session a security risk at all? Would you recommend disabling this? Or is this safe to use?

tampe125
Akeeba Staff
I think it's the same risk of allowing a Super User to login on frontend: if you're ok with that, you can keep it enabled.

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!