Announcement

Collapse
No announcement yet.

Sessions problem

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SharkHead
    replied
    I think that our users couldnt post again... anyway, they all had the same ISP. (and used ADSL)

    Leave a comment:


  • cobradude
    replied
    Originally posted by Kier
    The user is only seeing cached pages. They will not be able to perform any action as you that requires server-side processing, such as posting a message.

    Viewing cached pages is a problem for ANY web-based system, it's not something we can fix, because all we can do is process data on the server. When an ISP serves a cached page, the server is not involved.
    Ok, I have everyone using cookies, and I deleted the options to not to use cookies in the templates.

    Kier, you mention that the person wouldn't be able to post under a different name or anything like that, but I have members who have been able to. Take a look here: http://www.clubcobra.com/forums/show...&threadid=8243

    This was before I took out the options to not use cookies so I think I have things pretty well in order now, but it looks like there still may be a security problem if someone posts a message as someone else. Weird thing is that the IP addresses are identicle for both, but they are from different states.

    Leave a comment:


  • Steve Machol
    replied
    Originally posted by advance
    Thanks for listening.
    Hmmm.......listening goes both ways!

    Leave a comment:


  • tubedogg
    replied
    Originally posted by advance
    It's a friggin DB! Does "UPDATE table SET UseCookies = 1 WHERE UseCookies = 0" differ that much from "UPDATE table SET UsePM = 1 WHERE UsePM = 0"?
    No, but neither exist as an option and neither are likely to.

    I don't see why you go against this
    It doesn't fix the "problem" as stated many many times. There is no other place in the Admin CP where the Admin is given the option to change all of their users' options, so why should they for this? If you want it so badly run the query yourself.

    Leave a comment:


  • advance
    replied
    It's a friggin DB! Does "UPDATE table SET UseCookies = 1 WHERE UseCookies = 0" differ that much from "UPDATE table SET UsePM = 1 WHERE UsePM = 0"?

    It's a simple feature that's EASILY created.
    If I had the code, I'd even make a hack myself, with my bare knowledge of vBulletin.

    I don't see why you go against this, but I can tell you that this has made my mind regarding purchasing this forum for website I own and operate for others.

    Thanks for listening.

    Leave a comment:


  • Kier
    replied
    You can manually add no-cache headers to individual pages of your choosing by entering the no-cache meta-tags to the templates of for the pages you want to affect. Refer to any good HTML reference for how to do this.

    Leave a comment:


  • bart
    replied
    Allright, so it's "on" or "off".

    But what about "on and off". Wouldn't it be possible (for me) to expand a little on the nocacheheader-variable. I found it's only active in global.php and some admin-files. Isn't it so that I could just edit the global.php and write something like:

    if forumid eq 1 then use nocache (i know how to do this)

    or

    if looking at usercp (private.php) then nocache (i don't know how to do this)

    Is this making sense? Can anyone give me a hint or two on how to do this?

    Leave a comment:


  • Kier
    replied
    As I said earlier in this thread, and tubedogg has reiterated serveral times, the only way to prevent users from ever seeing cached pages is to set the no-cache headers to 'yes' in the administrators' control panel. It's a one-click operation.

    Unlike most other forum software, we do not set the no-cache headers to 'on' by default, because (at the request of our customers I might add), setting a no-cache header for the board will result in increased bandwidth usage. ($$$) Therefore, you have the option. If you find that you have a problem with people seeing cached pages, then do the logical thing and disable caching.

    It is a one-click operation.

    Leave a comment:


  • tubedogg
    replied
    Originally posted by advance
    Argh, the point is that because of the cache problem that's being described in this thread, you WILL want to change the board after you've started it. You shouldn't be punished for it - plus, it won't take much programming from the Devs to make an in-board option to make everything no-cache and force cookies, would it?
    It wouldn't, but let me draw an analogy here.
    Let's say you start your board and don't want to allow people to use Private Messages. So you turn it off and then take the "use PMs" option in the registeradult and modifyoptions template and change it to a hidden field set to no.
    Six months down the road, you decide to allow Private Messages. You have 5000 members. You edit the modifyoptions and registeradult templates to make it an option once more, but what about your 5000 current members? Is Jelsoft expected to have foreseen your change of mind and put something in the Admin CP that will automatically change everyone's PMs to on? This could be drawn out to include any possible option on the User CP > Edit Options page. There's a point where you stop providing options for things that are only going to be used by a fraction of the user base. I think this is one of those things.

    Leave a comment:


  • advance
    replied
    Argh, the point is that because of the cache problem that's being described in this thread, you WILL want to change the board after you've started it. You shouldn't be punished for it - plus, it won't take much programming from the Devs to make an in-board option to make everything no-cache and force cookies, would it?

    I don't see what's to stop them! The users want it, it won't take much work, and all in all it's simple! It's "mitbakesh" (go look up some hebrew ).

    I am arguing for the sake of all programs being User Friendly and yet open for the techies - that's how I would like all the programs I use and dev to be. I don't agree with any dev thinking "this is so obvious, it's just 2 simple steps out of the program, I won't develop anything to make this even easier".

    At least I got a better understanding of how the program works, as I've never seen it except from the basic user's view.

    Leave a comment:


  • tubedogg
    replied
    I'm arguing with someone who doesn't even have access to a CP to know what we're talking about? AAAARRRRGGGGHHHH!

    Anyway. Sorry I just figured you owned vBulletin.

    ...the administrator will have to edit the UserCP to disable the option for cookies (hidden form input control with the values "yes")
    This is correct, however as I said earlier it is expected that you customize the templates. This is done from within the vBulletin Admin CP and requires knowledge of HTML, or searching here and copying and pasting into the template.

    and use SQL to make all current users have cookies Enabled, true?
    If you change your mind in the middle of running the board, yes this is true. However if you are going to change your mind about something like this you should expect to have to do something about it that's not necessarily easy. And I would venture to say that running a query via phpMyAdmin is not exactly brain surgery. (I even wrote instructions in plain english about how to do it - see the link in my sig.)

    Leave a comment:


  • RobAC
    replied
    Tubedogg writes: "To force cookies, make the opposite change in the templates. None of this involves getting into the database or messing with PHP."

    Not necessarily true. Correct me if I'm wrong, but by changing the templates, only new registrants will be affected and present members will not be able to change their settings via their control panels. You have to go into the database and run respective queries to change present members' settings to your desired defaults as Kier described how to do for me.

    Leave a comment:


  • advance
    replied
    I am not an admin and don't run vBulletin, so I don't know about the templates. But from what I understand, the administrator will have to edit the UserCP to disable the option for cookies (hidden form input control with the values "yes") and use SQL to make all current users have cookies Enabled, true?

    How about a click on a link for the program to do this itself?

    I guess we'll just have to wait and see if the devs will do anything about this issue, that is causing disconcernment to many administrators.

    thx

    Leave a comment:


  • tubedogg
    replied
    Here we go again.

    Originally posted by advance
    Question: Is there an in-board option to run with/without the no-cache pragma, with/without/forcing sessionhash and with/without/forcing cookies?
    Screw the problem, screw the fix - is there an EASY option to do so?

    Answer: No.
    Incorrect. To turn on no-cache headers, flip "no" to "yes" under options. To force sessionhash in the links, make the change in the template. To force cookies, make the opposite change in the templates. None of this involves getting into the database or messing with PHP.

    I know SQL, I know PHP, ASP and a tad of Perl. I dare say that I am not in the "lowest common denominator" and yet I like using programs that don't force me playing with DBs and ****e for something as basic as this. It's quite silly, really.
    I didn't say you were. I merely said it was silly to have Jelsoft dumb the program down because you don't want to edit the templates.

    I don't get your point about people not worthy to be admins - are there tests to be administators?
    You are expected to know at least a little HTML and how to run a control panel from a web browser in order to change things about the program. If you don't know HTML or can't run a control panel from a web browser, then don't moan about not being able to change something. As I said, you are expected to have a certain level of knowledge.
    I'm not going to go to the DMV and expect to get a drivers' license having never driven a car before. Just as you can't expect to be able to change the templates without at least a little knowledge of HTML.

    Should they be able to disable sessionhash, force cookies and use the no-cache pragma? Yes, they should.
    And they can, with very little knowledge of HTML.

    Anyways, VB is a business - they're selling the forum to users, to administrators. If you don't listen to what the users want, you won't survive a day. Therefore, I don't assume -- I know that the developers will listen to me and not to you.
    The developers have known about this "problem" for at least a month and still have not "fixed" it. One of the developers even replied in this thread. I would venture to say that that pretty much gives you an answer as to what they plan to do about it.

    Leave a comment:


  • advance
    replied
    Since you don't seem to follow my reasoning, I'll try and explain more clearly. This is regardless of the problem that this topic discusses. It is relevant, but off-topic.

    Question: Is there an in-board option to run with/without the no-cache pragma, with/without/forcing sessionhash and with/without/forcing cookies?
    Screw the problem, screw the fix - is there an EASY option to do so?

    Answer: No.

    I know SQL, I know PHP, ASP and a tad of Perl. I dare say that I am not in the "lowest common denominator" and yet I like using programs that don't force me playing with DBs and ****e for something as basic as this. It's quite silly, really.

    When I program anything, I try to keep -everything- open-ended and easy, and I make an option for any and every feature, from the simplest to the most complex.

    I don't get your point about people not worthy to be admins - are there tests to be administators? Do people running www.howtotreathorsesdiseases.com and the corresponding bulletin board need to know SQL and how to mess with DBs? I think not. Should they be able to disable sessionhash, force cookies and use the no-cache pragma? Yes, they should.

    Anyways, VB is a business - they're selling the forum to users, to administrators. If you don't listen to what the users want, you won't survive a day. Therefore, I don't assume -- I know that the developers will listen to me and not to you.

    Good day.
    Last edited by advance; Thu 17 May '01, 10:05am.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X