Please read this thread as soon as possible. I have asked about this before and I do not get it resolved. I absolutely must be able fix this so that my member feel their privacy is secure.
Logging In As Different Person - Major Problem
Collapse
X
-
The only way I've ever heard of this happening is if someone is accessing the forum from behind a proxy server and they are using session IDs instead of cookies.
Your user - wsualum - is 'logged in' as someone else but I notice that he/she can't post as this other person. At some point it appears that he/she is asked for a user name and password.
Have you checked wsualum's user profile to see what the setting is for 'Browse the board with cookies?' Make sure this is set to 'yes'.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
-
This just happened to me, too.
Both users are using the same proxy, it would appear, through their ISP. Both also have cookies enabled in their profiles, as well as "remember name/password".
I assume that by logging out of the forums when they are done for the day, this would prevent this - not sure if they both try to come on at the same time - blah.
Any ideas?
Cheers.
ScottIncursus: (latin: clash, collision/attack, raid, foray, invasion)
We Create Thingz.Comment
-
Incursus: (latin: clash, collision/attack, raid, foray, invasion)
We Create Thingz.Comment
-
Well, after looking at it, my forumhome template already has it in there.
Code:<head> <!-- no cache headers --> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="no-cache"> <meta http-equiv="Expires" content="-1"> <meta http-equiv="Cache-Control" content="no-cache"> <!-- end no cache headers --> <title>$bbtitle</title> $headinclude </head>
Incursus: (latin: clash, collision/attack, raid, foray, invasion)
We Create Thingz.Comment
-
Those are no-cache headers for wusses
HTML no-cache headers don't affect proxy servers anymore. Put this
PHP Code:header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT"); // always modified
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache"); // HTTP/1.0
Last edited by bira; Sun 16 Dec '01, 3:30am.Comment
-
Originally posted by bira
Those are no-cache headers for wusses
HTML no-cache headers don't affect proxy servers anymore. Put this
PHP Code:header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT"); // always modified
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache"); // HTTP/1.0
:: Always Back Up Forum Database + Attachments BEFORE upgrading !
:: Nginx SPDY SSL - World Flags Demo [video results]
:: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]Comment
-
Originally posted by bira
Eva I have these lines in my index.php since almost a year now - and since I've done it, all complaints stopped:: Always Back Up Forum Database + Attachments BEFORE upgrading !
:: Nginx SPDY SSL - World Flags Demo [video results]
:: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]Comment
-
I should clarify, though, that if you have no-cache headers turned ON in the Admin CP options, then this addition is redundent.
If I turn no-cache headers on, bandwidth and server load pops up the sky on my BB. So I preferred to turn it off, but added these headers to index.php to prevent what seemed to be a fairly common "mistake" of people seeing cached page with someone else's username.
I used to have this in private.php as well. I removed it cos it destroys the user's ability to go "back" when he makes a mistake (his message will be lost). And, I suppose it could be added to usercp.php as well. In any event, index.php has always been the problematic page for viewing cached pages. private.php and usercp.php are the only other two pages that could potentially cause the same effect.Comment
-
thanks for the note.. i have forced all members to use cookies and disabled sessions so i don't get the problem but maybe one day might get sessions back:: Always Back Up Forum Database + Attachments BEFORE upgrading !
:: Nginx SPDY SSL - World Flags Demo [video results]
:: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment