View previous topic :: View next topic |
Author |
Message |
brummer
Joined: 14 Jun 2004 Posts: 4
|
Posted: Mon Jun 14, 2004 5:40 pm Post subject: Mutiple login from same ip |
|
|
I noticed on my work when more people are logged in comming from the same ip-adres.
when they login as user1 and somebody is logged in as user2.
the pages are mixed up user1 kan change user2 data and user2 can change user1 data how is that possible? |
|
Back to top |
|
|
Peffis Site Admin
Joined: 09 Sep 2003 Posts: 324 Location: Sweden
|
Posted: Tue Jun 15, 2004 10:10 am Post subject: |
|
|
That sounds strange. Authentication is not the best but that shouldn't really happen. It is simple and based on cookies set in the browser of the client. The only explanation I can think of is that you are all behind the same http-proxy and the proxy hands out a cached page, making the browser set another cookie sometimes. There's a bug in the pages in that they don't explicitly say "don't cache" to the proxies and browsers. Perhaps if that is added it would not behave this way. |
|
Back to top |
|
|
brummer
Joined: 14 Jun 2004 Posts: 4
|
Posted: Tue Jun 15, 2004 12:33 pm Post subject: reply |
|
|
well i tryed it at home last night same problem there with no proxy or firewall.
2 different machines logged in same problem there |
|
Back to top |
|
|
Peffis Site Admin
Joined: 09 Sep 2003 Posts: 324 Location: Sweden
|
Posted: Tue Jun 15, 2004 2:13 pm Post subject: |
|
|
Interesting. I don't really know what's going on here. I'll look into it once I get the time. All I can say is that there is nothing in authentication/authorization/login that depends on the ip-address. It's all cookie-based and two different logins should never get the same cookie as the cookie is the user name and password joined together. Perhaps PHP buffers results based on IP but that doesn't explain how you can alter someone else's settings. |
|
Back to top |
|
|
bracelet
Joined: 08 Sep 2005 Posts: 2
|
|
Back to top |
|
|
|