Hi guys
I'm just checking to see if this is correct.
I was viewing a users blog on my wpmu site and decided to login to admin. i clicked on the users 'login' link in their blog page and loggedin as admin in the usual way. However, I found myself in the users blog I'd just come from and I found i could add/edit/delete and basically change anything i wanted. I was worried that othrs could do the same i.e. view a fellow users blog, click their login link and login using their usual login details and find themself in teh other users blog.
I did a test and found that this is not possible. if you try to do the same thing as above only you are a normal user, after you click the submit button the page refreshes back to the login page again and you have to login again. And then you find yourself in your own blog admin.
can someone confim that this is the correct way the login system works?
ta