Why fetching impersonation is only if user is logged?

Question

Why fetching impersonation is only if user is logged?

m7moud opened this issue 10 years ago · 2 comments

I'm using different models for users and admins, and of course admins can impersonate users.

Answer 1 · 2015-07-16T07:30:49.000Z

+1... I didn't realize this was a dealbreaker before I started using this module.

Answer 2 · 2016-07-24T01:57:00.000Z

This is done to prevent a situation where a user (who let's say is an admin) logs out but the impersonation sticks, so the next user who logs in on the same machine (who may not be an admin) will be impersonating (security issue).