Jump to content
  • Announcements

    • olyclimber

      WELCOME TO THE CASCADECLIMBERS.COM FORUMS   02/03/18

      We have upgraded to new forum software as of late last year, and it makes everything here so much better!  It is now much easier to do pretty much anything, including write Trip Reports, sell gear, schedule climbing related events, and more. There is a new reputation system that allows for positive contributors to be recognized,  it is possible to tag content with identifiers, drag and drop in images, and it is much easier to embed multimedia content from Youtube, Vimeo, and more.  In all, the site is much more user friendly, bug free, and feature rich!   Whether you're a new user or a grizzled cascadeclimbers.com veteran, we think you'll love the new forums. Enjoy!
Sign in to follow this  
Alasdair

Getting logged in as others.

Recommended Posts

So I have now managed to log in as other people on more than one occasion after rebooting my machine. Why is this happening? I am assuming it has something to do with the fact they probably work at the same place I do and when I reboot I get an IP address they they have used at one time or another and I am auotmatically logged on. Is this correct?

Share this post


Link to post
Share on other sites

the matrix has you.

 

lets see, do you share a computer? the only way this may happen is if there is a cookie set on that computer

Share this post


Link to post
Share on other sites

interesting, perhaps it could be the IP and the session from teh same IP is still active in the database, the best bet is to make sure you log out, and this should terminate the session from that IP

Share this post


Link to post
Share on other sites

So maybe Dan, Peter, Jen, and Pierce all work at the same place? That explains everything!!!! Sorry Dan! yelrotflmao.gif

Share this post


Link to post
Share on other sites
JoshK said:

Where do you work? Should I be concerned? hahaha.gif

You should be very concerned. ALL YOUR BASE ARE BELONG TO US!

Share this post


Link to post
Share on other sites

That sounds like bogus session management. Shouldn't there be a session key associated with each session, sent on every request in a cookie or as part of the URL? I know PHP does this automatically if you enable the session.use_trans_sid option. It sounds like Alasdair is getting someone's session ID... maybe it's embedded in the URL he's using to get to the site? Does logging out properly destroy the session and all the session variables?

 

Maybe you could set sessions to expire more often, though that would force people to log in more often.

 

Geek_em8.gif

Share this post


Link to post
Share on other sites
ALL YOUR BASE ARE BELONG TO US!

 

How fuckin nerdy is that.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

×