Posted by Steve Diamond on Feb 09, 2009; 6:04pm
URL: https://support.nabble.com/VERY-SERIOUS-replies-on-embedded-forums-attributed-to-wrong-accounts-tp2294190p2298592.html

Graham Perrin wrote

I prefer sessions to:

• persist until the user explicitly logs out from Nabble
• not expire when the user quits or exits from the browser
• not time out.

http://plone.org/support/forums is a good example of an area comprising multiple list archives in which time outs would lead to confusion and/or frustration.

In my view those preferences are more applicable to public forums than to private ones. And I think we've already demonstrated that they just plain don't work when a private forum is embedded. Perhaps the Nabble engineers could provide some options settings to govern the treatment of sessions and cookies. But unless they find another way to prevent posts from getting attributed to an account other than the one that's actually logged in, I for one would like to see the session data cleared automatically.