gareth.uk
Chevereto Member
Hi
I saw that you issued an update today that purported to fix the issue. I gave it a try as part of my evaluation over which software I should eventually settle on for my gallery.
I'm afraid the fix is incomplete.
Upon first loading the gallery, the passworded albums all look correct - the albums themselves are visible but no thumbnails are shown, and instead a padlock icon is shown. Clicking on any of the albums results in an "enter your password" screen.
Entering the password for a single album unlocks all other albums - is this expected? Those albums do all share a password but I kinda expected each one to need the user to input the password anyway. If this is expected then OK.
However, opening a brand new browser with a brand new session, I returned to the gallery to find that all of the passworded albums were now showing their thumbnails and were totally accessible to me - despite the fact that I had not entered any password on this new session. Given that there was no session data I thought perhaps you were doing it by IP, so I connected via 4G in order to get a new IP and nope, the galleries were still accessible. I even tried a totally different browser and they were still accessible. I can only assume therefore that they would also be accessible to other people - people who do not even know the password.
I left the gallery and came back several hours later to find that some of the private galleries were no longer accessible and clicking on them resulted in a "enter your password" screen. However, others WERE accessible and were still showing thumbnails. See the attached image for an example - as you can see, both of those albums are supposed to be private yet they both appear differently.
So... something still isn't right here I don't think.
So a little extra information.
After more time, the feature did start to behave as expected with private albums all showing a padlock until I entered the password, and I needed to enter the password on each one in order to view.
However, logging in as me (i.e. admin) is what breaks it. I log in as admin, view the albums, then log out again. Now all albums show the padlock. I enter the password for 1 of them and then they are ALL visible again as above.
So it seems logging out from an admin account doesn't fully work and I retain permissions to view the private albums after entering the album password once. I guess it starts to work properly after some time when my admin login session truly expires?
Correction, that last paragraph above should be:
So it seems logging out from an admin account doesn't fully work and I retain permissions to view all the private album thumbnails after entering a single album password. But I can only view the contents of the album that I entered the password for - clicking on the others results in the "enter password" screen even though I can see their thumbnails.
I'd guess there's something in the session that isn't right.
I saw that you issued an update today that purported to fix the issue. I gave it a try as part of my evaluation over which software I should eventually settle on for my gallery.
I'm afraid the fix is incomplete.
Upon first loading the gallery, the passworded albums all look correct - the albums themselves are visible but no thumbnails are shown, and instead a padlock icon is shown. Clicking on any of the albums results in an "enter your password" screen.
Entering the password for a single album unlocks all other albums - is this expected? Those albums do all share a password but I kinda expected each one to need the user to input the password anyway. If this is expected then OK.
However, opening a brand new browser with a brand new session, I returned to the gallery to find that all of the passworded albums were now showing their thumbnails and were totally accessible to me - despite the fact that I had not entered any password on this new session. Given that there was no session data I thought perhaps you were doing it by IP, so I connected via 4G in order to get a new IP and nope, the galleries were still accessible. I even tried a totally different browser and they were still accessible. I can only assume therefore that they would also be accessible to other people - people who do not even know the password.
I left the gallery and came back several hours later to find that some of the private galleries were no longer accessible and clicking on them resulted in a "enter your password" screen. However, others WERE accessible and were still showing thumbnails. See the attached image for an example - as you can see, both of those albums are supposed to be private yet they both appear differently.
So... something still isn't right here I don't think.
So a little extra information.
After more time, the feature did start to behave as expected with private albums all showing a padlock until I entered the password, and I needed to enter the password on each one in order to view.
However, logging in as me (i.e. admin) is what breaks it. I log in as admin, view the albums, then log out again. Now all albums show the padlock. I enter the password for 1 of them and then they are ALL visible again as above.
So it seems logging out from an admin account doesn't fully work and I retain permissions to view the private albums after entering the album password once. I guess it starts to work properly after some time when my admin login session truly expires?
Correction, that last paragraph above should be:
So it seems logging out from an admin account doesn't fully work and I retain permissions to view all the private album thumbnails after entering a single album password. But I can only view the contents of the album that I entered the password for - clicking on the others results in the "enter password" screen even though I can see their thumbnails.
I'd guess there's something in the session that isn't right.
