valantislevas Posted February 28, 2018 Posted February 28, 2018 Hello all, I just upgrade to 4.2.7 my forum and i move it on new server.. all was ok but some members said that they get logged into other forum accounts than their own. how can this be resolved?
valantislevas Posted February 28, 2018 Author Posted February 28, 2018 many i will post a few later because i am at work.. but you think the problem is on plugin? somewhere i see that maybe was database problem or something?
Rhett Posted February 28, 2018 Posted February 28, 2018 This indicates a server-side caching issue, which is caching your sessions. (which it should never do)
valantislevas Posted February 28, 2018 Author Posted February 28, 2018 so i must contact with my provider to fix that issue? but this problem only some people had
Rhett Posted February 28, 2018 Posted February 28, 2018 Just now, valantislevas said: so i must contact with my provider to fix that issue? but this problem only some people had Yes, it indicates that something server side is caching php sessions, which isn't a good thing. Have them check and disable any server-side caching, varnish cache is a likely culprit.
Michael R Posted February 28, 2018 Posted February 28, 2018 I am not sure if this is the same issue or not. I am hoping you can tell me. I just had two members tell me that they are seeing each other's profile information when logging in. They have sent me screenshots to prove it. Now, they did log in as each other multiple times. I first thought that maybe they were not paying attention to the username and passwords when logging in. But they swear they were logging out and logging in with the correct credentials each time. Could this issue possibly be related?
valantislevas Posted February 28, 2018 Author Posted February 28, 2018 maybe we have same issue also my members was logged and after refresh the website show up with other's user account
Michael R Posted March 1, 2018 Posted March 1, 2018 1 hour ago, valantislevas said: maybe we have same issue also my members was logged and after refresh the website show up with other's user account That's what they were seeing. It's frustrating not being able to give them and answer.
Rhett Posted March 1, 2018 Posted March 1, 2018 2 hours ago, valantislevas said: maybe we have same issue also my members was logged and after refresh the website show up with other's user account 50 minutes ago, Michael R said: That's what they were seeing. It's frustrating not being able to give them and answer. 6 hours ago, Rhett said: This indicates a server-side caching issue, which is caching your sessions. (which it should never do) Please read above, now you just need to identify if/which server-side cache is causing this issue and have it properly configured not to cache php sessions, have your host disable all server-side caches, clear cookies and browser cache for the site, then re-test while server-side caching is off. If that resolves the issue, get with your hosting provider to discussing properly configuring it not to cache php sessions, which it should never do anyway.
Michael R Posted March 1, 2018 Posted March 1, 2018 I will check with my server provider today. In the meantime, I am still concerned that this is happening. How is it possible that two members are seeing each other's profile information when they log in as themselves? I initially thought that maybe it had to do with them logging using the other's credentials but they sent me screen shot of this issue before they exchanged logins. And the system logs verify it. These members are livid and very vocal. This is very concerning to me.
bfarber Posted March 1, 2018 Posted March 1, 2018 You can always submit a ticket so we can take a look. Server side caching is a likely culprit. Varnish, cloudflare, and similar can be misconfigured and cause this. Cookie configuration issues are a possibility, albeit not the most likely one. Third party plugins could be to blame too. In short, we can only give you some ideas as to the possible cause without taking a first hand look.
Michael R Posted March 1, 2018 Posted March 1, 2018 I will log a ticket. These members are being very vocal about this issue on the community. Some members are commenting that they are being hacked and the site is unsafe.
Ramsesx Posted March 1, 2018 Posted March 1, 2018 26 minutes ago, Michael R said: I will log a ticket. These members are being very vocal about this issue on the community. Some members are commenting that they are being hacked and the site is unsafe. A horrible situation indeed, please keep us informed what caused this issue. Thanks.
AlexWright Posted March 1, 2018 Posted March 1, 2018 Disable Varnish cache if it's enabled. If you are running nginx (as either an apache replacement or as a reverse proxy), make sure it's not caching php sessions or cookies either. After that, go to your ACP, under login handlers (last I used it anyways) and select "logout all users". Run the support tool now. This fixed it for us (we were running nginx in this instance [EnginTron for cPanel/WHM]) as a reverse proxy).
valantislevas Posted March 4, 2018 Author Posted March 4, 2018 mine i think was fixed from server side was the problem propably.. as my members told me.. i will check it further on incoming days..
Recommended Posts
Archived
This topic is now archived and is closed to further replies.