Announcement

Collapse
No announcement yet.

Sessions problem

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by SharkHead
    I think you are missing the point.
    It's not that thread that he cant delete. (and I'm not sure he cant)
    It's a serious bug that must be solved.
    even if he can only post with my name...
    The user is only seeing cached pages. They will not be able to perform any action as you that requires server-side processing, such as posting a message.

    Viewing cached pages is a problem for ANY web-based system, it's not something we can fix, because all we can do is process data on the server. When an ISP serves a cached page, the server is not involved.

    Comment


    • #17
      I have a suggestion to make......because this problem continues to pop up and, regardless of whether or not it appears that plain users are logging in as admins, this continues to drive a fair amount of forum owners crazy. Eliminate the sessionhash option and don't even bother mentioning the use of cookies to users. If they don't want to use cookies, then they do not become members of your Forums, plain and simple.

      I haven't seen this problem mentioned in any other Forum software company's support Forums and yet it continually pops up here.

      Maybe I'm just not seeing something here, but what is the true value of browsing forums using sessionhash? Is it just to appease those who have this phobia-like fear that cookies are out to expose their lives over the internet??? If that's the only reason for using sessionhash, then simply eliminate it as an option.
      Rob

      Comment


      • #18
        I agree with you completely, RobAC. I've been using DCForum for over a year, with over 2000 visits a day, and no-one has ever seen the Welcome-page with the wrong name on it. DCForum uses a cookie to store the name of a file that contains the userdata (so you end up with an awful lot of files).

        Solving this issue is absolutely vital to me. I'm having visitors pay to access certain parts of my forum to make a protected environment where one can talk about private things.

        Reading all the threads about this issue, I think it's going to take some time before this is solved. I've been looking at the sessions.php file, but I'm afraid it's over my head. Is there anyone out there who could write a hack to eliminate the sessionhash alltogether? My interest is not to make it hacker-proof, but to make it work for my users and to definitely kill the possibility of seeing Welcome Some-one-else on my homepage.

        Should I post this on the hack-request forum?
        Dutch community site for single parents.

        http://www.ouderalleen.nl/thuis.html

        Comment


        • #19
          please tell me what to do in order not to have this problem. (step by step, if you can) and while the member got my "welcome messge" he was also able to see the invisible forums, and the amount of PMs i had. (he said that he couldnt log to them, though)

          Comment


          • #20
            Some things that everyone needs to know and apparently are ignoring:

            1) This is not a vBulletin problem, beyond the fact that it puts the users' sessionhash in the URL, which can very easily be disabled. So there is really nothing to "fix".
            2) Even if you were using only cookies, sessionhash would still be used because sessionhash is the actual number that tracks the user. What you want to eliminate is having the option to put the session hash in the URL, and it has been mentioned many times here how to do that. That is different than eliminating sessionhash, which would eliminate the way vBulletin tracks users.

            I'm having visitors pay to access certain parts of my forum to make a protected environment where one can talk about private things.
            I can all but guarantee that no one is able to access this forum that shouldn't be. The reason is the people are pulling common pages that are cached, such as index.php, private.php (private messages), and usercp.php, for example, from the proxy. Meaning, unless a user knows and types in the exact URL of a hidden forum, and that forum was accessed by another user of your forums who is allowed to, and both users have the exact same ISP and proxy, the non-authorized user cannot access that private forum. That would be a very rare occurance.

            Comment


            • #21
              If you absolutely must avoid the 'problem' simply set the no-cache headers in the admin control panel.

              Comment


              • #22
                q:
                Add No-cache headers

                Yes/No ?

                Comment


                • #23
                  Yes

                  Comment


                  • #24
                    Just thinking:

                    If the problem is in the no-cache-headers, then maybe I could put them on the index-page and any other page that people might use as an entry page. Then if I set the url-sessionhash to true, there would not be a caching problem, or would there? As long as the first page they visit is a no-cached-page(?)
                    Dutch community site for single parents.

                    http://www.ouderalleen.nl/thuis.html

                    Comment


                    • #25
                      Thanks kier and all the others who help / tried to help me.
                      I'll keep on coming back to this thread to see if there are any deveopments about it.
                      Thanks again,
                      Shark.

                      Comment


                      • #26
                        OK, lets say I want to use cookie. The only option connected to cookies that I can see is the "Cookie domain" and "Cookie timeout". Where do I tell it to use cookies at all?

                        Comment


                        • #27
                          User CP > edit options > browse board with cookies? set to yes.

                          Comment


                          • #28
                            Uhh, we're back to the part where I'm convincing users to do something...

                            Listen, I think it's pretty elementary and should be put on the Admin Interface. Let the VB admins decide how the client should get access - through sessions or cookies.

                            Am I right?

                            Comment


                            • #29
                              No.

                              But if you insist on forcing your users to do it the way you would like, you can find at least 3 threads that detail how to do that around here, as I stated before.

                              Comment


                              • #30
                                I agree completely. I think it should be the Administrator's right and ability to decide how user log-ins are handled. That means: enable/disable/force sessionhash (it's not something that the board needs to run, afaik), enable/disable/force cookies. That means that if he wants all the users on the board to use cookies, he shouldn't need to ask them to do it ("Please guys, for the sake of humanity, go into the User CP and change cookies to..."). It should be an option of every good BB.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X