let me vote as someone else after voting as my facebook id
Reported by Neal McBurnett | August 14th, 2010 @ 08:46 AM | in v3.1
I'm using Helios v3 on Chrome, Ubuntu Lucid.
I just created an election named "Just testing"
Election Fingerprint:
MtBWj8TJmwx4Dru3/pzsJ5Flp7IdbTn10ROnmQYUL7M
I voted, logged in as my Facebook account (Neal McBurnett).
It said it logged me out.
Then I asked to cast another vote, and got to this page, where
it said
I was logged in as the wrong person:
https://vote.heliosvoting.org/helios/elections/c17d6d9c-a7b5-11df-a...
Just testing - Submit your Vote
We have received, but not yet recorded, your encrypted ballot
with
tracking number:
tb9vpVNXXA7tVNApEiowmRH19tzQNJMU32h1U1ybFxY
You are logged in as Fabio Dapper (as a google id it seems?)
I cast the vote, and it looked fine:
Just testing - Vote Successfully Cast!
Congratulations, your vote has been successfully cast!
Your ballot tracking number is:
tb9vpVNXXA7tVNApEiowmRH19tzQNJMU32h1U1ybFxY
I logged in again, and checked the ballots and they are both
there.
Looks like an authentication bug...
Comments and changes to this ticket
-
Neal McBurnett August 14th, 2010 @ 08:59 AM
Just to be clear - I have no idea who "Fabio Dapper" is, and note there is an accented character in Fabio - I forget which one, though I have a screenshot.
-
Ben Adida August 14th, 2010 @ 01:01 PM
- Milestone set to “v3.0.2”
- State changed from “new” to “open”
- Tag changed from “authentication facebook google” to “authentication”
- Milestone order changed from “2” to “0”
-
Nigel Smart September 17th, 2010 @ 03:51 AM
I had a similar situation. I am logging on via my Google account. But suddenly I got logged on as someone else,
via their Yahoo account. -
Ben Adida September 17th, 2010 @ 08:01 AM
- Milestone changed from “v3.0.2” to “v3.1”
- Milestone order changed from “3” to “0”
Nigel: did this happen for you right after you cast a ballot, or did it happen for you at another time?
-
Nigel Smart September 17th, 2010 @ 08:28 AM
When just looking around the site. It was from moving from one random page to another
-
Ben Adida September 17th, 2010 @ 08:51 AM
Nigel: thanks so much for your help with this. Do you know when this happened, approximately, or even precisely? I'm going to look through the logs to see what was going on. Clearly a race condition in session management, and something I want to fix ASAP.
-
-
Ben Adida September 22nd, 2010 @ 07:53 AM
Nigel: one more question, if you can remember: were you logged in, and then the system switched your identity, or were you not logged in, just browing anonymously, and then the system decided you were logged in as someone else?
-
Nigel Smart September 22nd, 2010 @ 07:57 AM
Was logged in via my Google ID (or Yahoo ID) I think and then suddenly
it switched persons
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
the Helios Voting System
Ben Adida