Login problems - can't save in easy customizer
jfriend
Registered Users Posts: 8,097 Major grins
I'm officially reporting this as a bug because it's causing several customers serious grief.
When a customization logs into using the API, Smugmug somehow wipes out your current regular login and things like the control panel or the easy customizer will fail when you try to save your changes.
A classic example with real customers is here and here. The consequences are that they either lose their changes in the control panel or they can't make changes in easy customizer. It's particularly heinous in easy customizer because easy customizer automatically runs a copy of the homepage in an iframe and there's no way for the customer to prevent that. If the homepage has a customization on the homepage that uses the API, then the customer is just screwed.
I know this code is in place to provide some sort of security protection, but it is being overzealous, does not need to do what it's doing in this particular case and it clearly needs to be fixed. There is no security issue in this case. The customer's own computer and own site is logging in via the API. That should not clear their browser-based login and prevent changes from being saved in easy customizer or the control panel.
When a customization logs into using the API, Smugmug somehow wipes out your current regular login and things like the control panel or the easy customizer will fail when you try to save your changes.
A classic example with real customers is here and here. The consequences are that they either lose their changes in the control panel or they can't make changes in easy customizer. It's particularly heinous in easy customizer because easy customizer automatically runs a copy of the homepage in an iframe and there's no way for the customer to prevent that. If the homepage has a customization on the homepage that uses the API, then the customer is just screwed.
I know this code is in place to provide some sort of security protection, but it is being overzealous, does not need to do what it's doing in this particular case and it clearly needs to be fixed. There is no security issue in this case. The customer's own computer and own site is logging in via the API. That should not clear their browser-based login and prevent changes from being saved in easy customizer or the control panel.
--John
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
0
Comments
http://help.smugmug.com
This is the same issue that also causes people who open more than one window on their site to lose data in their advanced customizations when it forces a relogin for the same reason.
In general the relogin is being triggered by API access to your account by yourself.
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
even in the same window?
I opened my site homepage, logged in (footer) and in the same window went
to control panel and was asked to log in. Duh, I just logged in.
My Website index | My Blog
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question