Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.00.00 - v2.02.00 Distro
Author Message
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Mon Apr 10, 2006 1:13 pm Reply with quote

OK here goes, wasn't sure where to post this, but here's my problem.

I was logged into my site today at work and I went into the Admin panel, then I closed my computer down (not sure if I logged out first).
Just before I left I showed one of my colleagues the site on their computer and to my surprise the site displayed with the administration block, waiting content and all the invisible modules showing in the Module block.

Now it's not really a security problem, because when we clicked logout for the admin Sentinal blocked the IP address, but just a bit worried why this happened in the first place.

I've only ever had this on the same computer after logging out then trying to go back in to the admin panel again, so I had brushed it off as a Cookie problem.

I had a quick search of the forums but couldn't find anything similar.

Any ideas?

Oh yeah, I'm using the latest RavenNuke Distro. The only addons I have is the Kalender MX 1.4 module and the Resend Activation Email Hack.


Thanks in Advance
Jakec
 
View user's profile Send private message
Susann
Moderator



Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Mon Apr 10, 2006 6:55 pm Reply with quote

I had a similar problem but my administration block was displayed in the cache of a search engine.I was shocked. Some bots are stupid however since that time I always logout. It´s no security problem but it´s really unwanted. Has nothing to do with your addons.
Maybe the solution is to change the length of the sessions or cookies.Sorry, can´t remember.

Btw:I used at that time an old nuke version.
 
View user's profile Send private message
jakec







PostPosted: Tue Apr 11, 2006 10:22 am Reply with quote

I must admit that I am a newbie, but I thought this wasn't possible.

Am I right in thinking that Nuke uses the cookies to recognise individual users and admins?

But in this case I can only assume that because the computers are on the same network they have the same IP and Nuke initially recognised it as the same user?

Does that make sense?

Would Nuke do that?

Or will it be one of life's mysteries?

I haven't been able to replicate this problem, so it might be a one off.


Jakec
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

PostPosted: Tue Apr 11, 2006 2:55 pm Reply with quote

As far as I know, this shouldn't happen even if both machines share the same IP as, theoretically at least, the 'other' machine should not have a cookie for your site on it - unless of course your network set up includes sharing the web browser.

If you have never logged into your admin account from the 'other' computer (assuming your normal user and admin user have different user/passwords) then I would try to replicate it again to be sure but I have certainly never heard of this before.
 
View user's profile Send private message Send e-mail
jakec







PostPosted: Tue Apr 11, 2006 3:04 pm Reply with quote

Well I worked out that I hadn't logged out of the admin panel on my computer, but like you said it just shouldn't happen.

I work for quite a large company, so I doubt they would be sharing the web browser and I have definately never accessed the site from the other computer.

I'll try and replicate it again.


Jakec
 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221

PostPosted: Tue Apr 11, 2006 4:29 pm Reply with quote

Are those computers running from a proxy server?

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
View user's profile Send private message Visit poster's website
jakec







PostPosted: Wed Apr 12, 2006 6:28 am Reply with quote

Yes, the computers are connected through the internet using a proxy server.
 
evaders99







PostPosted: Wed Apr 12, 2006 8:17 am Reply with quote

It may not be the cookie conflicting, but rather the proxy has cached the page and is returning the same cache to all those computers under it.

You can try these META tags that tell browsers to not cache.. [ Only registered users can see links on this board! Get registered or login! ]
But I don't know if they work the same as a proxy server
 
jakec







PostPosted: Wed Apr 12, 2006 11:23 am Reply with quote

Is it possible to just tell the browser to refresh on opening the homepage?

The only downside is that it would slowdown the site I guess.


Jakec
 
demontooth
New Member
New Member



Joined: Apr 04, 2006
Posts: 1

PostPosted: Thu Apr 20, 2006 9:10 pm Reply with quote

I am having this same problem and I don't know what to do.
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Fri Apr 21, 2006 3:01 am Reply with quote

Your best insurance is to make sure that you logout of admin before shutting down your browser.
 
View user's profile Send private message
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.00.00 - v2.02.00 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©