Is there any way to bypass the adminCP/modCP login pages if a user is already logged in? I've had a flick through the mods and forums and can't find anything..

I hope not, that would be a serious security risk.

Can you expand on that please Marco?

A user has already supplied their credentials already to log in, and they're also a moderator. Why shouldn't they be one click away from seeing their moderator control panel?

I'm not disagreeing, something tells me it's a risk too, but I can't put my finger on why when they have already authenticated themselves.

One of the reasons would be that a regular login would allow the "Remember Me" to be ticked. Imagine a staff member, maybe on holiday, using a public computer to check the forum and forget to logout. The next visitor would have all Mod/Admin options open without login.

Point taken, but is there not just as much risk of the browser remembering the credentials? I could do without the remember me feature. If I were to strip that, could it be possible?

--------------- Added 1205332301 at 1205332301 ---------------

Plus from here on in, if you don't mind, let's only refer to the modcp. If a moderator does act as above, the worst that can happen to my knowledge is that their individual forum is corrupted.

--------------- Added 1205332414 at 1205332414 ---------------

And I should also, also add that this instance is behind a company firewall. So hopefully, there would be an element of trust involved if someone were to stumble across a machine in the above state.

--------------- Added 1205405412 at 1205405412 ---------------

Does anyone else have any thoughts on why we shouldn't have SSO between the main forum and the modcp if we're behind a firewall?