Hugo <Nabble> wrote

That case where a user was able to post as another user won't happen again. By the way, it probably happened because you posted a link to your forum with the cid information in it (links shouldn't have that information). The cid parameter is part of the Nabble solution to offer functional embeddable apps even when the browser has third-party cookies disabled. This goal is very difficult to achieve and most websites don't offer embeddable services because of this cookie challenge. Nabble is probably the only website that has gone that far and the details of this implementation are our best secret for now.

Hi, Hugo. Thanks for the update. (Sorry for the delayed response; I've been on vacation.) We'll test it some more with the forum set to "private" again.

I have to tell you that I know your theory is incorrect about users posting as other users because they accessed the forum using links containing the cid. The only link that those users ever received was the link to the page in which the forum is embedded. And that page contains only the embedding code supplied under "Options." (I posted the cid parameter in links on this support forum only because it was displayed by my forum as part of a relevant permalink.)

Thanks,

Steve