Announcement

Collapse
No announcement yet.

Logging In As Different Person - Major Problem

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Logging In As Different Person - Major Problem

    Please read this thread as soon as possible. I have asked about this before and I do not get it resolved. I absolutely must be able fix this so that my member feel their privacy is secure.

    http://www.yes-its-free.com/vbbs/sho...threadid=26035
    Last edited by glenv; Mon 12 Nov '01, 4:08am.

  • #2
    The only way I've ever heard of this happening is if someone is accessing the forum from behind a proxy server and they are using session IDs instead of cookies.

    Your user - wsualum - is 'logged in' as someone else but I notice that he/she can't post as this other person. At some point it appears that he/she is asked for a user name and password.

    Have you checked wsualum's user profile to see what the setting is for 'Browse the board with cookies?' Make sure this is set to 'yes'.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment


    • #3
      This just happened to me, too.

      Both users are using the same proxy, it would appear, through their ISP. Both also have cookies enabled in their profiles, as well as "remember name/password".

      I assume that by logging out of the forums when they are done for the day, this would prevent this - not sure if they both try to come on at the same time - blah.

      Any ideas?

      Cheers.
      Scott
      Incursus: (latin: clash, collision/attack, raid, foray, invasion)
      We Create Thingz.

      Comment


      • #4
        Here's another old thread I found, from about a year ago, same subject.

        http://www.vbulletin.com/forum/showt...threadid=10444

        Cheers.
        Scott
        Incursus: (latin: clash, collision/attack, raid, foray, invasion)
        We Create Thingz.

        Comment


        • #5
          They are viewing cached pages.

          Add no-cache headers to the index.php and private.php scripts and that's all.

          They are not actually logged in as a different user (which is why they're still prompted to log in when they want to post et. al.)

          Comment


          • #6
            Thwap! That makes total sense - thanks...

            Cheers.
            Scott
            Incursus: (latin: clash, collision/attack, raid, foray, invasion)
            We Create Thingz.

            Comment


            • #7
              Well, after looking at it, my forumhome template already has it in there.

              Code:
              <head>
              <!-- no cache headers -->
              <meta http-equiv="Pragma" content="no-cache">
              <meta http-equiv="no-cache">
              <meta http-equiv="Expires" content="-1">
              <meta http-equiv="Cache-Control" content="no-cache">
              <!-- end no cache headers -->
              <title>$bbtitle</title>
              $headinclude
              </head>
              Back to the drawing board.
              Incursus: (latin: clash, collision/attack, raid, foray, invasion)
              We Create Thingz.

              Comment


              • #8
                Those are no-cache headers for wusses

                HTML no-cache headers don't affect proxy servers anymore. Put this

                PHP Code:
                header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");             // Date in the past
                header("Last-Modified: " gmdate("D, d M Y H:i:s") . "GMT"); // always modified
                header("Cache-Control: no-cache, must-revalidate");           // HTTP/1.1
                header("Pragma: no-cache");                                   // HTTP/1.0 
                on line #3 (after error reporting) of index.php
                Last edited by bira; Sun 16 Dec '01, 3:30am.

                Comment


                • #9
                  Very cool, Bira - thanks - will give it a go.

                  Cheers.
                  Scott
                  Incursus: (latin: clash, collision/attack, raid, foray, invasion)
                  We Create Thingz.

                  Comment


                  • #10
                    Originally posted by bira
                    Those are no-cache headers for wusses

                    HTML no-cache headers don't affect proxy servers anymore. Put this

                    PHP Code:
                    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");             // Date in the past
                    header("Last-Modified: " gmdate("D, d M Y H:i:s") . "GMT"); // always modified
                    header("Cache-Control: no-cache, must-revalidate");           // HTTP/1.1
                    header("Pragma: no-cache");                                   // HTTP/1.0 
                    on line #3 (after error reporting) of index.php
                    interesting solution bira.. anyone confirms that it works
                    :: Always Back Up Forum Database + Attachments BEFORE upgrading !
                    :: Nginx SPDY SSL - World Flags Demo [video results]
                    :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]

                    Comment


                    • #11
                      Seems to be working here - I haven't received any complaints.
                      Incursus: (latin: clash, collision/attack, raid, foray, invasion)
                      We Create Thingz.

                      Comment


                      • #12
                        Eva I have these lines in my index.php since almost a year now - and since I've done it, all complaints stopped

                        Comment


                        • #13
                          Originally posted by bira
                          Eva I have these lines in my index.php since almost a year now - and since I've done it, all complaints stopped
                          thanks
                          :: Always Back Up Forum Database + Attachments BEFORE upgrading !
                          :: Nginx SPDY SSL - World Flags Demo [video results]
                          :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]

                          Comment


                          • #14
                            I should clarify, though, that if you have no-cache headers turned ON in the Admin CP options, then this addition is redundent.

                            If I turn no-cache headers on, bandwidth and server load pops up the sky on my BB. So I preferred to turn it off, but added these headers to index.php to prevent what seemed to be a fairly common "mistake" of people seeing cached page with someone else's username.

                            I used to have this in private.php as well. I removed it cos it destroys the user's ability to go "back" when he makes a mistake (his message will be lost). And, I suppose it could be added to usercp.php as well. In any event, index.php has always been the problematic page for viewing cached pages. private.php and usercp.php are the only other two pages that could potentially cause the same effect.

                            Comment


                            • #15
                              thanks for the note.. i have forced all members to use cookies and disabled sessions so i don't get the problem but maybe one day might get sessions back
                              :: Always Back Up Forum Database + Attachments BEFORE upgrading !
                              :: Nginx SPDY SSL - World Flags Demo [video results]
                              :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X