#35 open
Neal McBurnett

let me vote as someone else after voting as my facebook id

Reported by Neal McBurnett | August 14th, 2010 @ 08:46 AM | in v3.1

I'm using Helios v3 on Chrome, Ubuntu Lucid.
I just created an election named "Just testing"
Election Fingerprint: MtBWj8TJmwx4Dru3/pzsJ5Flp7IdbTn10ROnmQYUL7M

I voted, logged in as my Facebook account (Neal McBurnett).
It said it logged me out.

Then I asked to cast another vote, and got to this page, where it said
I was logged in as the wrong person:

https://vote.heliosvoting.org/helios/elections/c17d6d9c-a7b5-11df-a...

Just testing - Submit your Vote

We have received, but not yet recorded, your encrypted ballot with
tracking number:

tb9vpVNXXA7tVNApEiowmRH19tzQNJMU32h1U1ybFxY

You are logged in as Fabio Dapper (as a google id it seems?)

I cast the vote, and it looked fine:

Just testing - Vote Successfully Cast!

Congratulations, your vote has been successfully cast!

Your ballot tracking number is:

tb9vpVNXXA7tVNApEiowmRH19tzQNJMU32h1U1ybFxY

I logged in again, and checked the ballots and they are both there.

Looks like an authentication bug...

Comments and changes to this ticket

  • Neal McBurnett

    Neal McBurnett August 14th, 2010 @ 08:59 AM

    Just to be clear - I have no idea who "Fabio Dapper" is, and note there is an accented character in Fabio - I forget which one, though I have a screenshot.

  • Ben Adida

    Ben Adida August 14th, 2010 @ 01:01 PM

    • Milestone set to v3.0.2
    • State changed from “new” to “open”
    • Tag changed from authentication facebook google to authentication
    • Milestone order changed from “2” to “0”
  • Nigel Smart

    Nigel Smart September 17th, 2010 @ 03:51 AM

    I had a similar situation. I am logging on via my Google account. But suddenly I got logged on as someone else,
    via their Yahoo account.

  • Ben Adida

    Ben Adida September 17th, 2010 @ 08:01 AM

    • Milestone changed from v3.0.2 to v3.1
    • Milestone order changed from “3” to “0”

    Nigel: did this happen for you right after you cast a ballot, or did it happen for you at another time?

  • Nigel Smart

    Nigel Smart September 17th, 2010 @ 08:28 AM

    When just looking around the site. It was from moving from one random page to another

  • Ben Adida

    Ben Adida September 17th, 2010 @ 08:51 AM

    Nigel: thanks so much for your help with this. Do you know when this happened, approximately, or even precisely? I'm going to look through the logs to see what was going on. Clearly a race condition in session management, and something I want to fix ASAP.

  • Nigel Smart

    Nigel Smart September 17th, 2010 @ 12:27 PM

    Must have been around 11.00 British Summer Time today

  • Ben Adida

    Ben Adida September 22nd, 2010 @ 07:53 AM

    Nigel: one more question, if you can remember: were you logged in, and then the system switched your identity, or were you not logged in, just browing anonymously, and then the system decided you were logged in as someone else?

  • Nigel Smart

    Nigel Smart September 22nd, 2010 @ 07:57 AM

    Was logged in via my Google ID (or Yahoo ID) I think and then suddenly
    it switched persons

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

the Helios Voting System

Pages