Announcement

Collapse
No announcement yet.

Logged in as wrong user.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Logged in as wrong user.

    I have recently noticed that at work when I go to my vBulletin site it sometimes welcomes me back as the wrong user. To be more specific, a user in the same building with the same IP.

    This has now happened a few times. There does not appear to be a security problem as it is only the forum main page that is wrong - i.e. if I go to PMs - they are mine, not the other user's.

    I'm not sure if there is a potential risk with this happening, but I thought it best that I report this just in case.
    Mike Warner
    MIGWeb - a Vauxhall Site for Enthusiasts of all Vauxhalls

  • #2
    Yup, this happens in my internal LAN as well. Best if you turn on "Browse board with cookies"

    Comment


    • #3
      We both have cookies on.
      Mike Warner
      MIGWeb - a Vauxhall Site for Enthusiasts of all Vauxhalls

      Comment


      • #4
        Sorry, I meant turn them off.

        Comment


        • #5
          Actually you should set both of these to 'Yes':

          Automatically login
          Browse the board with cookies
          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
          Change CKEditor Colors to Match Style (for 4.1.4 and above)

          Steve Machol Photography


          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


          Comment


          • #6
            Originally posted by Steve Machol
            Actually you should set both of these to 'Yes':

            Automatically login
            Browse the board with cookies
            I've confirmed the following with my home LAN.

            You can log on with cookies, but if you're using cookies to browse the board (instead of sending them through your link) other people behind the same router will automatically be logged on to your account.

            Comment


            • #7
              Somebody has reported a similar problem on our board:

              http://www.thedvdforums.com/forums/s...hreadid=124075

              Only they are nowhere near the user they appear on the forums as. Is browsing without cookies the only option for this user?

              What about users who don't notice this or decide to take advantage of it? Is there a potential security hole here?

              Comment


              • #8
                We can't read that thread because you don't allow guests to view your forums.

                AFAIK browsing with cookies and automatically logging in is the only way to fight the problem of accessing from behind the same proxy server.
                Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                Change CKEditor Colors to Match Style (for 4.1.4 and above)

                Steve Machol Photography


                Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                Comment


                • #9
                  Oops - thought I'd made that forum visible to non-registered users...

                  Both users are not behind the same proxy.

                  Comment


                  • #10
                    We're having the same problem with our board. It just came to our attention that users that are on a particular network are being auto logged in as each other. Obviously, this is a problem as we don't want dishonest users to post as someone else or read their PMs. Is there anyway to turn off auto login across the board?
                    You are unique and original - just like everyone else.

                    Comment


                    • #11
                      I've had two instances of this happening within the last week where people are being logged in as someone else.

                      Comment


                      • #12
                        this is still happening in my forums

                        in fact, it is a real security problem because I when I access PM, it is of the other user's!

                        this has happened both to me as well as other users.

                        any ideas?

                        Comment


                        • #13
                          vraiblonde: You say these users are on the same network, do they share machines?
                          If they use the same machines they could be getting each other's cookies.

                          Comment


                          • #14
                            My Forums too! For the last week, I had 3 different members logging in as different users!

                            And they are able to see how many PMs they have and the private Forums!

                            What's way out?

                            Idea?

                            Comment


                            • #15
                              Sorry to bring up such an old thread but I didn't find anything regarding this subject that was more recent.


                              Reports of this began to emerge about a day ago on my boards where users would be logged in as someone else. From what I have gathered it only occurs when user "A" gives user "B" a url to our forum that contains a sessionid. The only thing that has been done so far is to downgrade mmcache from our servers and clear out the session table.



                              edit* mmcache was downgraded, not removed
                              Last edited by TonyPBN; Wed 9 Jul '03, 3:43pm.
                              Tony Rieker | Founder of PBNation.com - one of the LARGEST vBulletin forums on the net!

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X