V8 MES Login Password & Hijacking MES Sessions

system · March 9, 2009, 10:26am

I'm the only one here with the user associated to the employee but I have full admin rights so I hadn't run into any problems before. I just tested it out on our version 8.00 and it does indeed hijack the MES session to the employee and doesn't let go even after logout. BUG! I just never noticed before. We even have the status bar customized to display the user but for some reason it doesn't update when you login even though it switched users. You have to go to Admin Tools to check. Strange. You may want to discuss the status bar update as part of the SCR if possible.

I find it hard to believe that you're the first to have a problem with it though since it's obviously been that way since the first incarnation of V8. Having MES users that also use full version with employees associated with users must be rare.

Hopefully you were able to disassociate the users and employees so the password is not prompted as a work around until the patch comes out.

Thanks for bringing this up as I was considering using this feature to enhance login security but it just hasn't been an issue yet. Good to know!

--- In vantage@yahoogroups.com, "Ari Footlik" <ari@...> wrote:
>
> Update on this issue:
>
> According to Epicor support --> "SCR 56408 was created to address this
> issue.
>
> It is targeted to be fixed on 8.03.408, currently planned for a
> Mid-April release."
>
>
>
> --Ari
>
>
> ________________________________
>
> From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
> Of Ari Footlik
> Sent: Friday, March 06, 2009 11:06 AM
> To: vantage@yahoogroups.com
> Subject: RE: [Vantage] Re: v8 MES Login Password & Hijacking MES
> Sessions
>
>
>
> Right - but in our case, when they log in using their ID/password, MES
> switches from the generic MES user to the logged-in user, and DOES tie
> up the employee's account (we can see this happen in "Session Manager").
> Epicor support verified this behavior and submitted a bux-fix request,
> but who knows when we'll see that...
>
> BTW - we're on 8.03.406A. If anyone can independently verify this, I'm
> sure it would help.
>
> ________________________________
>
> From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
> [mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
> Behalf
> Of saab_barracuda
> Sent: Friday, March 06, 2009 10:16 AM
> To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
> Subject: [Vantage] Re: v8 MES Login Password & Hijacking MES Sessions
>
> If you associate the employee with the username, you can have the MES
> auto login with config to start the MES session and still have it prompt
> for password when they log in to the active MES. This way the generic
> MES user account is the license holder and doesn't tie up an employee's
> account. I forget which association activates this feature, whether it's
> in user record or the employee record or both.
>
> --- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
> <mailto:vantage%40yahoogroups.com> , "Ari
> Footlik" <ari@> wrote:
> >
> > In v6, there was an option to require a password when users log in to
> > MES. Since I have "Shop Supervisor" privileges, I enabled this option
> > for myself. I also enabled it for users who have rights to enter
> > "Scrap."
> >
> > In v8 now, whenever I log in to MES, even though MES loads with a
> > generic user, my login hijacks the MES session which then shows up in
> > "Maintain Session." As an admin, I am not restricted to one session,
> > but the "scrap" entry-users mentioned before are restricted to one
> > session, and when their login hijacks the MES session, they can't log
> in
> > to their normal workstations.
> >
> > I figure I either need a fix for MES so it doesn't let the session
> > switch IDs, or, the easier answer would be to disable the password
> > requirement for the users in question. The problem is I can't find the
> > "password" option in v8. Anyone know where that option is?
> >
> > Thanks.
> > --Ari
> >
> >
> >
> > [Non-text portions of this message have been removed]
> >
>
> [Non-text portions of this message have been removed]
>
>
>
>
>
>
> [Non-text portions of this message have been removed]
>

system · March 6, 2009, 9:37am

In v6, there was an option to require a password when users log in to
MES. Since I have "Shop Supervisor" privileges, I enabled this option
for myself. I also enabled it for users who have rights to enter
"Scrap."

In v8 now, whenever I log in to MES, even though MES loads with a
generic user, my login hijacks the MES session which then shows up in
"Maintain Session." As an admin, I am not restricted to one session,
but the "scrap" entry-users mentioned before are restricted to one
session, and when their login hijacks the MES session, they can't log in
to their normal workstations.

I figure I either need a fix for MES so it doesn't let the session
switch IDs, or, the easier answer would be to disable the password
requirement for the users in question. The problem is I can't find the
"password" option in v8. Anyone know where that option is?

Thanks.
--Ari

[Non-text portions of this message have been removed]

system · March 6, 2009, 11:16am

If you associate the employee with the username, you can have the MES auto login with config to start the MES session and still have it prompt for password when they log in to the active MES. This way the generic MES user account is the license holder and doesn't tie up an employee's account. I forget which association activates this feature, whether it's in user record or the employee record or both.

--- In vantage@yahoogroups.com, "Ari Footlik" <ari@...> wrote:
>
> In v6, there was an option to require a password when users log in to
> MES. Since I have "Shop Supervisor" privileges, I enabled this option
> for myself. I also enabled it for users who have rights to enter
> "Scrap."
>
> In v8 now, whenever I log in to MES, even though MES loads with a
> generic user, my login hijacks the MES session which then shows up in
> "Maintain Session." As an admin, I am not restricted to one session,
> but the "scrap" entry-users mentioned before are restricted to one
> session, and when their login hijacks the MES session, they can't log in
> to their normal workstations.
>
> I figure I either need a fix for MES so it doesn't let the session
> switch IDs, or, the easier answer would be to disable the password
> requirement for the users in question. The problem is I can't find the
> "password" option in v8. Anyone know where that option is?
>
> Thanks.
> --Ari
>
>
>
> [Non-text portions of this message have been removed]
>

system · March 6, 2009, 12:06pm

Right - but in our case, when they log in using their ID/password, MES
switches from the generic MES user to the logged-in user, and DOES tie
up the employee's account (we can see this happen in "Session Manager").
Epicor support verified this behavior and submitted a bux-fix request,
but who knows when we'll see that...

BTW - we're on 8.03.406A. If anyone can independently verify this, I'm
sure it would help.

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of saab_barracuda
Sent: Friday, March 06, 2009 10:16 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: v8 MES Login Password & Hijacking MES Sessions

If you associate the employee with the username, you can have the MES
auto login with config to start the MES session and still have it prompt
for password when they log in to the active MES. This way the generic
MES user account is the license holder and doesn't tie up an employee's
account. I forget which association activates this feature, whether it's
in user record or the employee record or both.

--- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> , "Ari
Footlik" <ari@...> wrote:

>
> In v6, there was an option to require a password when users log in to
> MES. Since I have "Shop Supervisor" privileges, I enabled this option
> for myself. I also enabled it for users who have rights to enter
> "Scrap."
>
> In v8 now, whenever I log in to MES, even though MES loads with a
> generic user, my login hijacks the MES session which then shows up in
> "Maintain Session." As an admin, I am not restricted to one session,
> but the "scrap" entry-users mentioned before are restricted to one
> session, and when their login hijacks the MES session, they can't log

in

> to their normal workstations.
>
> I figure I either need a fix for MES so it doesn't let the session
> switch IDs, or, the easier answer would be to disable the password
> requirement for the users in question. The problem is I can't find the
> "password" option in v8. Anyone know where that option is?
>
> Thanks.
> --Ari
>
>
>
> [Non-text portions of this message have been removed]
>

[Non-text portions of this message have been removed]

system · March 6, 2009, 4:23pm

Update on this issue:

According to Epicor support --> "SCR 56408 was created to address this
issue.

It is targeted to be fixed on 8.03.408, currently planned for a
Mid-April release."

--Ari

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Ari Footlik
Sent: Friday, March 06, 2009 11:06 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Re: v8 MES Login Password & Hijacking MES
Sessions

Right - but in our case, when they log in using their ID/password, MES
switches from the generic MES user to the logged-in user, and DOES tie
up the employee's account (we can see this happen in "Session Manager").
Epicor support verified this behavior and submitted a bux-fix request,
but who knows when we'll see that...

BTW - we're on 8.03.406A. If anyone can independently verify this, I'm
sure it would help.

________________________________

From: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com> ] On
Behalf
Of saab_barracuda
Sent: Friday, March 06, 2009 10:16 AM
To: vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
Subject: [Vantage] Re: v8 MES Login Password & Hijacking MES Sessions

If you associate the employee with the username, you can have the MES
auto login with config to start the MES session and still have it prompt
for password when they log in to the active MES. This way the generic
MES user account is the license holder and doesn't tie up an employee's
account. I forget which association activates this feature, whether it's
in user record or the employee record or both.

--- In vantage@yahoogroups.com <mailto:vantage%40yahoogroups.com>
<mailto:vantage%40yahoogroups.com> , "Ari
Footlik" <ari@...> wrote:

>
> In v6, there was an option to require a password when users log in to
> MES. Since I have "Shop Supervisor" privileges, I enabled this option
> for myself. I also enabled it for users who have rights to enter
> "Scrap."
>
> In v8 now, whenever I log in to MES, even though MES loads with a
> generic user, my login hijacks the MES session which then shows up in
> "Maintain Session." As an admin, I am not restricted to one session,
> but the "scrap" entry-users mentioned before are restricted to one
> session, and when their login hijacks the MES session, they can't log

in

> to their normal workstations.
>
> I figure I either need a fix for MES so it doesn't let the session
> switch IDs, or, the easier answer would be to disable the password
> requirement for the users in question. The problem is I can't find the
> "password" option in v8. Anyone know where that option is?
>
> Thanks.
> --Ari
>
>
>
> [Non-text portions of this message have been removed]
>

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]