Alasdair Posted May 12, 2003 Share Posted May 12, 2003 So I have now managed to log in as other people on more than one occasion after rebooting my machine. Why is this happening? I am assuming it has something to do with the fact they probably work at the same place I do and when I reboot I get an IP address they they have used at one time or another and I am auotmatically logged on. Is this correct? Quote Link to comment Share on other sites More sharing options...
gapertimmy Posted May 12, 2003 Share Posted May 12, 2003 the matrix has you. lets see, do you share a computer? the only way this may happen is if there is a cookie set on that computer Quote Link to comment Share on other sites More sharing options...
Alasdair Posted May 12, 2003 Author Share Posted May 12, 2003 I dont share my computer with anyone. Last time this happend I got logged in as PLC. Quote Link to comment Share on other sites More sharing options...
gapertimmy Posted May 12, 2003 Share Posted May 12, 2003 interesting, perhaps it could be the IP and the session from teh same IP is still active in the database, the best bet is to make sure you log out, and this should terminate the session from that IP Quote Link to comment Share on other sites More sharing options...
vegetablebelay Posted May 12, 2003 Share Posted May 12, 2003 Dan, izzat you? Quote Link to comment Share on other sites More sharing options...
JoshK Posted May 12, 2003 Share Posted May 12, 2003 Where do you work? Should I be concerned? Quote Link to comment Share on other sites More sharing options...
jon Posted May 12, 2003 Share Posted May 12, 2003 So maybe Dan, Peter, Jen, and Pierce all work at the same place? That explains everything!!!! Sorry Dan! Quote Link to comment Share on other sites More sharing options...
Alasdair Posted May 12, 2003 Author Share Posted May 12, 2003 JoshK said: Where do you work? Should I be concerned? You should be very concerned. ALL YOUR BASE ARE BELONG TO US! Quote Link to comment Share on other sites More sharing options...
slothrop Posted May 12, 2003 Share Posted May 12, 2003 That sounds like bogus session management. Shouldn't there be a session key associated with each session, sent on every request in a cookie or as part of the URL? I know PHP does this automatically if you enable the session.use_trans_sid option. It sounds like Alasdair is getting someone's session ID... maybe it's embedded in the URL he's using to get to the site? Does logging out properly destroy the session and all the session variables? Maybe you could set sessions to expire more often, though that would force people to log in more often. Quote Link to comment Share on other sites More sharing options...
Ade Posted May 14, 2003 Share Posted May 14, 2003 ALL YOUR BASE ARE BELONG TO US! How fuckin nerdy is that. Quote Link to comment Share on other sites More sharing options...
Cpt.Caveman Posted May 14, 2003 Share Posted May 14, 2003 I have had this done before too. That's when it's time to be really malicious. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.