Friday 09 January 2009 4:11:15 am

ezwebin on eZ Publish 3.9.0 had a issue where it caches pagelayout header (using cache block) pr users with same rights, and not pr user. So your not logged in as another user, it's just another users user name that shows up on the webpage( so no security issue besides seeing the name of another user an his user id in the markup).

You can update ezwebin to 1.2 to get the fix, but you'll need to update eZ Publish as the updated uses nested cach-block's witch didn't work on 3.9.0 (fixed in a later 3.9.x version so use latest 3.9.x version or newer).

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Friday 09 January 2009 5:25:53 am

fetch current user issue, see Kristof's post.
No rights to edit: This is caused by the fact the user id is in the url, so if you get wrong name you also get wrong url.

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom