Probably. It's quite possible it generates new one every x minutes/hours and that we see cached data of the key someone else used. That would explain it dissapearing when we request new data from server.

I'm in some account now. Gifting everyone games!

Free games everywhere! ;)

Doubt it, that would mean that you'd then pick up that key and keep using it, effectively keeping you logged in as them, as though you'd performed a sidejacking attack. More likely you're getting an incorrect hit on a cache, as TET said.

Haha! Really glad GOG has that function.

Imagine saving your Visa info and than someone get's in your account. :O

Awwww :( And I wanted to use the bugg to download games I didn't have from other people's accounts to my pc :/

More importantly, what if a 419 scammer, who had just registered, was sending a PM and it incorrectly got routed as being from another user that people trusted. Those people then happily take advantage of the dormant funds in the bank account by paying the fee and opening up their account details, and lose everything they own!

GOG - take your site down. NOW!

*Deletes my GOG account*

And later bring it back saying it was just a joke. Please don't forget the monks.

do you have access to games already purchased or just the forums?
i have yet to encounter the bug. Feel like i'm left out. its 4th grade all over again :( :(

LOL, me too. I've purposelly clicked General Discussion from several threads to see if I could "make it" happen. No bug for me. Which I'm glad. Too many bugs in the world.

Don't know if this helps or not, but one thing I did notice, whenever I click on most anything on this site, the icon next to "My Account" remains fixed, as in frozen. However, when I did click on the General Discussion link from a couple of threads earlier, I did notice it "blinked" and I'm guessing it's at that moment that the bug is occuring. After the blink, so far it's always been my own icon that came back, but I'm guessing with others during that blink something got screwed up. And further FWIW, it's NO LONGER even blinking when I do that.

I panicked and refreshed immediately when it happened to me. The person I impersonated had a really bright font so I spotted the bug right away.

So I don't know what you get access to.

I'm not sure if you can actually access other users' messages and/or game lists. We don't have any report yet of that being possible. And didn't someone report that the bug went away after clicking on "My Account"?

But I agree. As long as the exact nature of the bug has not been determined, it probably _would_ be better to take the server down until this is fixed. Better safe than sorry.

So far, it also seems that this is a cache issue, so users could protect themselves by not using the site until this is fixed (if they aren't using the site, then their info never gets loaded into the cache, and then nobody else can hit it due to the bug).

There was actually an element of sarcasm to my post. I'm of the opposite opinion. At most they just need to switch off their caching and take the increased server load. However I don't see any significant exploit being exposed beyond accidentally seeing someone's shopping cart.

The problem sounds from its description like occassionally the server is deciding that we have a page cached, and don't need to load up from the db. At that point it's giving us the wrong page. The important point there is that it's giving us old information, not anything we can work with. I assume it's not passing a session Id back with the response, so it's almost certainly just a harmless glitch.

If I were GOG though, I'd have called in someone from their bed to look into it.

Nobody wants to play with me. :(