Hi there,
There are 2 installations of OpenACS, both remote, using different IPs, even hosted on different servers.
Locally, on my computer, I've assigned ip1 to evex.co, within the file /etc/hosts. I've started using the system, I've logged and browsed a few pages on admin's sections, as such: https://evex.co/admin/site-map/?root_id=692
Then, "locally, on my computer", I switched IP's to evex.co
Ex1. 200.163.19.6 evex.co
Ex2. 192.163.17.8 evex.co
I went back to the browser and continued playing in the system, and surprisingly I was allowed to do everything as if I were logged. In fact, I was logged and all the effects would have be applied to this new destination, in the ip2. There were no warns, session variables worked just fine.
Isn't that a security problem?