Now using vb3.8.4
Several users have been reporting that they were viewing someone else's session; some had taken screenshots showing the private messages of the other users.
Unfortunately I've not been able to replicate this problem.
Users reported this problem after we moved the servers to a new location, with similar infrastructure.
The old infrastructure, which had no problems:
Akamai (set rules to cache images, js and css only) -> Load Balancer (with web accelerator) -> 2 x web servers + 1 database (mysql 5.0)
New infrastructure:
Akamai (same rules) -> Load Balancer (no web accelerator) -> 6 x web servers + 1 database (mysql 5.5)
PHP 5.1.6
Case 1:
User attempts to reply to a thread in forum A; after submitting, he gets redirected to a totally unrelated thread in forum B, and the welcome message becomes "Welcome, someone else's name".
When he refreshes, it's back to his profile.
Case 2:
User accesses his PM list, sees someone else's PMs.
I'm trying to get more information from the users.
A friend I know encountered this once, but when he tried to view the "other" user's control panel, it reverted back to the correct profile.
Found a thread here dated 2002 with same symptoms, https://www.vbulletin.com/forum/show...ng-user./page2
But the settings like "Browse board with cookies" no longer exist, I think.
I've already enabled the "Add No-Cache HTTP Headers" option.
Any ideas on where to start troubleshooting?
sessionhash is created using md5(uniqid(microtime)), what are the chances of a hash collision?
Note that there are now 6 web servers in the farm. I suppose the time synchronization is accurate to the second, not microtime.
What will happen if 2 users hit the servers at the same time?
idhash is md5(user agent . $this->fetch_substr_ip($registry->alt_ip))
Since Akamai passes the real IP in the header HTTP_X_FORWARDED_FOR, can I assume this shouldn't be the problem?
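For the collision question above, a small model of the two hashes as the post quotes them. This is an added example, not part of the original post and not vBulletin's code. It re-creates the string formats of PHP's microtime() and uniqid() in Python and assumes that both calls read the clock in the same microsecond, that server clocks agree to the microsecond, that new sessions arrive uniformly within each second, and that fetch_substr_ip keeps the first three octets.

```python
import hashlib
import math

def php_microtime(sec, usec):
    # PHP microtime() with no argument returns the string "fraction seconds".
    return "%.8f %d" % (usec / 1e6, sec)

def php_uniqid(prefix, sec, usec):
    # PHP uniqid($prefix) without more_entropy: prefix, hex seconds, hex microseconds.
    return "%s%08x%05x" % (prefix, sec, usec)

def sessionhash(sec, usec):
    # md5(uniqid(microtime)) as quoted in the post.
    # Assumption: both calls read the clock within the same microsecond.
    raw = php_uniqid(php_microtime(sec, usec), sec, usec)
    return hashlib.md5(raw.encode()).hexdigest()

def idhash(user_agent, ip, octets=3):
    # md5(user agent . substr_ip) as quoted in the post; keeping the first
    # `octets` octets is an assumption about fetch_substr_ip.
    prefix = ".".join(ip.split(".")[:octets])
    return hashlib.md5((user_agent + prefix).encode()).hexdigest()

def p_same_microsecond(sessions_per_second):
    # Birthday bound: at least two of n new sessions created in one second
    # fall on the same one of 1,000,000 microsecond slots.
    n = sessions_per_second
    return 1.0 - math.exp(-n * (n - 1) / 2_000_000.0)

def p_over_period(sessions_per_second, seconds):
    # Chance of at least one such coincidence over a longer period.
    p = p_same_microsecond(sessions_per_second)
    return 1.0 - (1.0 - p) ** seconds

if __name__ == "__main__":
    # Constructed sample values, not taken from any real log.
    t = (1300000000, 123456)
    print("server A:", sessionhash(*t))
    print("server B:", sessionhash(*t))  # identical: the input has no per-server part
    for rate in (5, 20, 100):
        print("%3d new sessions/s: %.6f per second, %.3f per hour"
              % (rate, p_same_microsecond(rate), p_over_period(rate, 3600)))
    ua = "Mozilla/5.0 (constructed)"
    # Same user agent and same first three octets give the same idhash.
    print(idhash(ua, "203.0.113.10") == idhash(ua, "203.0.113.77"))
```

The inputs to sessionhash in this model are clock readings only, so the number of web servers matters only through the combined rate of new sessions.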