Security problem - Illegal admin activities

Bug Reporting and Feature Suggestions /Improvements go here.

Moderator: pgolovko

Security problem - Illegal admin activities

Postby Tibor » 11/09/2009 8:25 am

A friend of mine is now building another ADP catalogue. We both placed an hxxp://.../admin/index.php?adp=links&action=approve link on each site, for more convenient access to link approval.

And now the Easter egg: When we both had a live administration session, I was able to enter his link approval page, and I was able to edit, modify, move and approve the links in his queue! Nice help among ADP admins around the world :P

I don't know how it works (cookie with no session id?), but it was funny... May I ask you for some advice on how to fix this bug?
Addendum: It seems that in reverse it does not work! My copy is safe! And my friend's colleague from another PC, but the same IP, could also enter - without any earlier ADP activity.
Tibor
 
Posts: 9
Joined: 10/23/2009 1:00 am


Re: Security problem - Illegal admin activities

Postby gc_rjauregui » 11/09/2009 2:57 pm

So you are saying that the ADP installs are on different domains, but if you authenticate to install A, you can also access install B without having to authenticate?
Best Regards,

Ryan Jauregui
geekcoders development member

laf innovative | development blog
gc_rjauregui
Site Admin
 
Posts: 394
Joined: 03/25/2006 1:23 am
Location: Stanton, CA

Re: Security problem - Illegal admin activities

Postby Tibor » 11/11/2009 6:34 am

Yes, exactly. And it happened when admins were active on both servers. Meanwhile, the admin of install B could not reach install B. Is it possible that it is a web server configuration problem and has nothing to do with ADP?

(Sorry for the late reaction, I had not checked the notify option.)
Tibor
 
Posts: 9
Joined: 10/23/2009 1:00 am

Re: Security problem - Illegal admin activities

Postby gc_rjauregui » 11/11/2009 9:39 am

I am going to say it has something to do with the web server, since the authentication is handled via .htaccess and not via ADP.
Best Regards,

Ryan Jauregui
geekcoders development member

laf innovative | development blog
gc_rjauregui
Site Admin
 
Posts: 394
Joined: 03/25/2006 1:23 am
Location: Stanton, CA
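The thread leaves the root cause open, but Ryan's point that the admin area is protected by .htaccess rather than by ADP suggests where to look. The script below is an added example, not code from the thread or from ADP: it parses the Apache access-control directives of two installs' .htaccess files and reports the two configurations that would produce exactly the symptoms Tibor describes, a shared AuthUserFile (every admin of one install is an admin of the other) and an IP allow-list that bypasses the password (a colleague on the same IP gets in without ever logging in). The .htaccess contents, paths and networks are constructed for the example; the directives are standard Apache 2.2 (`Allow from` / `Satisfy Any`) and 2.4 (`Require ip`) syntax, and `<RequireAll>` grouping is deliberately not parsed.

```python
"""Audit two installs' .htaccess access control for settings that let an
admin of one install reach the other, or admit a client by IP alone.

Added example, not part of the forum thread or of ADP. The .htaccess texts,
paths and networks are constructed; directive syntax is standard Apache.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed: two installs on one server, both reading one password file and
# both falling back to an IP allow-list (Apache 2.2 style 'Satisfy Any').
HTACCESS_A = """\
AuthType Basic
AuthName "ADP Admin"
AuthUserFile /var/www/shared/.htpasswd
Require valid-user
Order deny,allow
Deny from all
Allow from 203.0.113.0/24
Satisfy Any
"""

HTACCESS_B = HTACCESS_A  # constructed: install B copied install A's file verbatim

# Constructed: install B with its own password file and no IP fallback.
HARDENED_B = """\
AuthType Basic
AuthName "ADP Admin - install B"
AuthUserFile /var/www/site-b/private/.htpasswd
Require valid-user
"""


@dataclass
class AuthPolicy:
    auth_name: Optional[str] = None
    user_file: Optional[str] = None
    requires: List[str] = field(default_factory=list)    # e.g. "valid-user", "ip 10.0.0.0/8"
    allow_from: List[str] = field(default_factory=list)  # Apache 2.2 'Allow from' networks
    satisfy_any: bool = False


def parse_htaccess(text: str) -> AuthPolicy:
    """Extract the directives that decide who gets past the password prompt."""
    policy = AuthPolicy()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, _, args = line.partition(" ")
        name, args = directive.lower(), args.strip()
        if name == "authname":
            policy.auth_name = args.strip('"')
        elif name == "authuserfile":
            policy.user_file = args.strip('"')
        elif name == "require":
            policy.requires.append(args)
        elif name == "allow" and args.lower().startswith("from "):
            policy.allow_from.extend(args.split()[1:])
        elif name == "satisfy":
            policy.satisfy_any = args.lower() == "any"
    return policy


def password_free_networks(p: AuthPolicy) -> List[str]:
    """Networks admitted without credentials.

    Apache 2.2: 'Allow from' bypasses the password only under 'Satisfy Any'
    (the default 'Satisfy All' demands the IP match AND valid credentials).
    Apache 2.4: top-level Require lines are OR'ed (implicit <RequireAny>), so
    'Require ip' beside 'Require valid-user' admits that network outright.
    Assumption of this example: <RequireAll> grouping is not parsed.
    """
    nets: List[str] = []
    if p.satisfy_any:
        nets.extend(p.allow_from)
    for r in p.requires:
        parts = r.split()
        if parts and parts[0].lower() == "ip":
            nets.extend(parts[1:])
    return nets


def findings(a: AuthPolicy, b: AuthPolicy) -> List[str]:
    """Cross-install and password-bypass problems, as human-readable lines."""
    out: List[str] = []
    if a.user_file and a.user_file == b.user_file:
        out.append("shared AuthUserFile: every admin of install A is also an admin of install B")
    for label, p in (("A", a), ("B", b)):
        kinds = [r.split()[0].lower() for r in p.requires if r.split()]
        if not any(k in ("valid-user", "user", "group") for k in kinds):
            out.append(f"install {label}: no password requirement at all")
        nets = password_free_networks(p)
        if nets:
            out.append(f"install {label}: clients from {', '.join(nets)} are admitted without a password")
    return out


if __name__ == "__main__":
    a, b = parse_htaccess(HTACCESS_A), parse_htaccess(HTACCESS_B)
    for line in findings(a, b):
        print("before:", line)
    for line in findings(a, parse_htaccess(HARDENED_B)):
        print("after: ", line)
```

Run against the two constructed files it reports the shared password file plus the IP bypass on each install; against the hardened install B only the remaining bypass on A is left. One caveat worth keeping in mind when reading Ryan's question about different domains: browsers scope cached Basic credentials to the host and realm they were entered for, so a password typed for install A is not sent to install B on another hostname by itself; a shared password file or a shared allow-list on the server side is the kind of setting that would explain what was observed.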

Re: Security problem - Illegal admin activities

Postby Tibor » 11/11/2009 10:18 am

Thanks Ryan, after the first surprise I agree with you.
Tibor
 
Posts: 9
Joined: 10/23/2009 1:00 am

