Security Issue/Glitch?


  • Security Issue/Glitch?

    I got this email from one of my users:
    'Sometimes when I would click on message board and it should have been logging me into "AznSpeedRacer1" automatically it would log me into either some other member named "DickDub" or "imalunatic".'


    This is what I am worried about. What if someone with the same ISP as the Admin (me) accidentally gets logged in as the Admin? How can I prevent that from happening? It seems to all depend on IP Address and remembering the log in. I have set the Admin to surf the Message Board with cookies, BUT NOT to automatically log into site.

    http://www.importmix.com/mb
    PHP Version 4.0.6
    MySQL 3.23.45
    1.3.22 (Unix)
    Linux

  • #2
    I have set the Admin to surf the Message Board with cookies
    This is the setting that people have problems with if they have it turned to no cookies. In addition, the admin CP uses different cookies than the main board and you need a cookie to login to the Admin CP.



    • #3
      But you can still change passwords in the regular control panel. I don't understand your reply totally...but I have the cookies on for the Admin Member.



      • #4
        Check your settings to see if you have the board being viewed by sessions or cookies.

        If it's a cookie problem, then your path is wrong in your admin CP.
        Sessions, however, can be cached, and if a person was surfing on your board prior to anyone else before them, the browser could have cached.

        Also, is he/she behind a proxy or firewall?

        You can also turn on your pragma-no cache via the admin cp to prevent caching.
        There are only 10 types of people in the world: Those who understand binary, and those who don't



        • #5
          Are you talking about the "http header and output"?

          Add Standard headers = NO
          Add No-cache headers = NO
          GZIP Output = NO
          GZIP compression level = 1
          Cookie Domain = *blank*
          Path to save cookies = /

          That is what I have.

          That guy was on a different computer than the other members. So I don't think the session caching is the problem. Some people have had to customize their browser security to allow all cookies, because they could never stay logged in.
          Last edited by importmix; Fri 25 Jan '02, 12:43am.
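
An added example, not part of the thread or of the forum software: a deliberately conservative check of whether a per-user response (one that sets a cookie or embeds a session id in its links) could be replayed to another visitor by a shared proxy cache, which is the caching scenario raised in post #4 and the header settings listed in post #5. The `s=` parameter shape, the paths, the cookie and the header values are constructed assumptions.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumption: the session id rides in a URL parameter of this shape (constructed).
SESSION_IN_URL = re.compile(r"[?&;]s=[0-9a-f]{32}\b")
BLOCKING = {"no-store", "no-cache", "private"}

def directives(value):
    """Parse a Cache-Control value into {directive: argument}."""
    pairs = (p.strip().partition("=") for p in value.lower().split(","))
    return {name: arg.strip('"') for name, _, arg in pairs if name}

def shared_cache_may_replay(headers, now):
    """True if nothing here stops a shared proxy serving a stored copy."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = directives(h.get("cache-control", ""))
    if BLOCKING & cc.keys() or cc.get("s-maxage", cc.get("max-age")) == "0":
        return False
    if "no-cache" in h.get("pragma", "").lower():  # the thread's "pragma-no cache"
        return False
    if "expires" in h:
        try:
            return parsedate_to_datetime(h["expires"]) > now
        except (TypeError, ValueError):
            return False  # unparseable Expires counts as already expired
    return True

def audit(responses, now):
    """URLs of per-user responses a shared cache could hand to another visitor."""
    flagged = []
    for url, headers, body in responses:
        personal = "set-cookie" in map(str.lower, headers) or SESSION_IN_URL.search(body)
        if personal and shared_cache_may_replay(headers, now):
            flagged.append(url)
    return flagged

NOW = datetime(2002, 1, 25, tzinfo=timezone.utc)
SID = "0f" * 16  # constructed 32-hex session id
SAMPLE = [  # constructed (url, headers, body) triples
    ("/mb/index.php", {"Set-Cookie": "uid=42"}, "welcome back"),
    ("/mb/showthread.php", {"Cache-Control": "private"}, f"<a href='index.php?s={SID}'>"),
    ("/mb/faq.php", {}, "static help text"),
    ("/mb/usercp.php", {"Expires": "Thu, 01 Jan 2004 00:00:00 GMT"}, f"<a href='x.php?s={SID}'>"),
]

if __name__ == "__main__":
    print(audit(SAMPLE, NOW))
```

The check treats a missing cache header as replayable, which is stricter than what many caches actually do; it is meant for auditing pages that should never be shared, not for predicting a specific proxy's behaviour.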
