Announcement

Collapse
No announcement yet.

Users auto-logged as someone else?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by smachol
    If this can be shown, then of course it raises the stakes a bit.
    I have no other way of showing it (without setting up all the hardware and software and accounts needed) other than my users word. The complaint about being able to access other members profile's through the CP panel, is indicated in the thread I linked to in my first post.

    The member in question had cookies set to yes, and autologin also set to yes.

    I actually advised them, after they told me they can edit profiles through CP, to set cookies to "no". This way hopefully the proxy won't cache the contents, unless matching the session hash. (Based on my guess on what Netsetter is doing)
    Last edited by tamarian; Wed 17 Apr '02, 7:52pm.
    vB Drupal Community Plumbing | vB Survey | vBusy | vB Spell | vBouncer

    Comment


    • #17
      tamarian, any news fro you on this situation? I was advised in another thread to set the admin cp to add no-cache headers but I haven't tried it yet nor have I filed a support ticket. Hoping to hear you've uncovered the problem or soultion and how before I do either...
      Eat Your Veggies

      Comment


      • #18
        Originally posted by Cynthia
        tamarian, any news fro you on this situation? I was advised in another thread to set the admin cp to add no-cache headers but I haven't tried it yet nor have I filed a support ticket. Hoping to hear you've uncovered the problem or soultion and how before I do either...
        No, nothing new. My ticket was closed with the comment that it's only the welcome message, nothing more.

        But I have a user who can login as someone else, and edit their profile. Except, she's too shy to type something and save it as a proof. I keep asking her to do it, but all she does is reach the edit profile form, and save a snapshot and email to it to me. And yes, she can access their profiles, see their email etc. Now I'm trying to get her to take a bold step and edit something like "this is a test" in their bio..
        vB Drupal Community Plumbing | vB Survey | vBusy | vB Spell | vBouncer

        Comment


        • #19
          This issue has been around for a long time and Vbulletin can not seem to fix it.. Setting the cookies to default to yes helps but does not fix this problem. This is a big security issue but vbulletin is deciding to ignore. I have seen MANY posts with people having the same issue.

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X