I had a member be able to login and post under another members username and password. Somehow it autopopulated because they certainly don’t know who or what their password is. And, the logout button doesn’t log them out either. How do I troubleshoot this?? I have SSO installed.
Do you know if the user was logged into the correct account on your WordPress site before they logged into your forum? If so, then the problem may be due to your recent changes that you mention here: Revisioning community - customer flow?.
If knittingtoday.com is not the same WordPress site as was used for clubknit.knittingtoday.com, then you are going to have to login to the rails console of your Discourse site and run the command:
SingleSignOnRecord.destroy_all
Let me know if this doesn’t make sense, or if you have trouble getting it done.
2 Likes
She said she had requested a password reset. I’m thinking no, she was not logged into the account beforehand. clubknit and knittingtoday each ran their own wordpress install. To run the command, do i just go the SSH console? do I change to discourse directory or anything?
This is probably the issue. Discourse users are associated with WordPress users based on the WordPress user_id. If your new site is using a different database than your previous site, the user ids will be different.
The command you need to run to fix this is run from the Rails server of your Discourse installation. First ssh into your server, then run:
cd /var/discourse
then run
./launcher enter app
then run
rails c
This should bring you to the rails console. You’ll know you are there when you see a prompt that looks like this:
>
At that prompt, enter:
SingleSignOnRecord.destroy_all
2 Likes
How do I know if its done? There is a blinking : but it only looks like it did a few records.
First make sure that you are actually in the Rails console. (I’ve edited my instructions in the previous post.)
To check if you have deleted all the SingleSignOnRecords run the command:
SingleSignOnRecord.all
It should return something like this: []. If instead it returns some records with data, you will know they haven’t been deleted.
While you are in the Rails console, you should probably also log out all of your users by running this command:
UserAuthToken.destroy_all
When this has been done, SSO should work correctly for you.
2 Likes
Yep. When I didn’t get the >, I did a little searching on some past messages and saw the rails login needed.
3 Likes
Just to wrap this up. Looks like everything worked just fine. Appreciate the help, as always @simon.
3 Likes
This topic was automatically closed after 21 hours. New replies are no longer allowed.