Jump to content

Recommended Posts

Posted

So I have now managed to log in as other people on more than one occasion after rebooting my machine. Why is this happening? I am assuming it has something to do with the fact they probably work at the same place I do and when I reboot I get an IP address they they have used at one time or another and I am auotmatically logged on. Is this correct?

  • Replies 10
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted

interesting, perhaps it could be the IP and the session from teh same IP is still active in the database, the best bet is to make sure you log out, and this should terminate the session from that IP

Posted

That sounds like bogus session management. Shouldn't there be a session key associated with each session, sent on every request in a cookie or as part of the URL? I know PHP does this automatically if you enable the session.use_trans_sid option. It sounds like Alasdair is getting someone's session ID... maybe it's embedded in the URL he's using to get to the site? Does logging out properly destroy the session and all the session variables?

 

Maybe you could set sessions to expire more often, though that would force people to log in more often.

 

Geek_em8.gif

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.




×
×
  • Create New...