Item5008: If you register someone you are magically logged in as them

The minor issue is that after registering someone else I am sort of "logged in" as this someone else, at least in the left bar. Probably this happens because the cookie "login state" is changed after registration to whoever has registered. It is straightened out as soon as I edit something, because edit wants genuine authentication and starts with $ENV{REMOTE_USER}. Maybe this should go to an extra bug item.

-- TWiki:Main.HaraldJoerg - 20 Nov 2007

as to the 'minor' issue, y, thats been bugging me (conceptually) for a few weeks, and I'm trying to figure out why we can't remove that, forcing users to actually log in after they have completed registration (or in your senario, they have already logged in)

There are 2 possible fixes:

• if you are already authenticated, and you register, you remain as the user you are authenticated as
  
• whenever a user completes the registration process, they Then have to authenticate, thus proving that their registration was less likely to have been hijacked.

I've done the first, but the second seems like a more complete fix.

-- TWiki:Main/SvenDowideit - 23 Nov 2007

thanks to all of you for working on this, i am glad that this has been found as a "bug". actually this is not a "minor" issue: as an admin, i often register for the new users, then go back to my own work, ... oops, then i found that i have edited some pages -- on behalf of the new user !! -- Edward Tam

-- TWiki:Main.EdwardTam - 07 Jan 2008