Hello,
I have a Drupal 4.7 website (I think it's 4.7) and some of my users are experiencing login problems. "Alice" will log in and end up inside "Bob"'s account. Alice can see Bob's account details, edit his blog, etc. Alice is 100% logged in as Bob.
Alice and Bob are in the same building, probably behind a firewall.
Does anyone know what could cause this problem? My first guess is that they are using a shared computer and Bob forgot to log out, but I'm not sure that this is true (btw, this is a school, Alice is a student and Bob a teacher, and Bob is not happy that his students can use his account).
How does Drupal store login information? Does it use a cookie? Or does it use the IP address? I have every reason to believe that Alice and Bob would show up as the same IP, so I hope that's not what Drupal uses. If Drupal only uses cookies, then that means that Bob didn't log out, right? Or is there another possibility?
Thanks for the help.
Cheers, Daniel.