Admin blocks displaying when they shouldn't!

jakec · Posted: Mon Apr 10, 2006 1:13 pm

OK here goes, wasn't sure where to post this, but here's my problem.

I was logged into my site today at work and I went into the Admin panel, then I closed my computer down (not sure if I logged out first).
Just before I left I showed one of my colleagues the site on their computer and to my surprise the site displayed with the administration block, waiting content and all the invisible modules showing in the Module block.

Now it's not really a security problem, because when we clicked logout for the admin Sentinal blocked the IP address, but just a bit worried why this happened in the first place.

I've only ever had this on the same computer after logging out then trying to go back in to the admin panel again, so I had brushed it off as a Cookie problem.

I had a quick search of the forums but couldn't find anything similar.

Any ideas?

Oh yeah, I'm using the latest RavenNuke Distro. The only addons I have is the Kalender MX 1.4 module and the Resend Activation Email Hack.

Thanks in Advance
Jakec

Susann · Posted: Mon Apr 10, 2006 6:55 pm

I had a similar problem but my administration block was displayed in the cache of a search engine.I was shocked. Some bots are stupid however since that time I always logout. It´s no security problem but it´s really unwanted. Has nothing to do with your addons.
Maybe the solution is to change the length of the sessions or cookies.Sorry, can´t remember.

Btw:I used at that time an old nuke version.

jakec · Posted: Tue Apr 11, 2006 10:22 am

I must admit that I am a newbie, but I thought this wasn't possible.

Am I right in thinking that Nuke uses the cookies to recognise individual users and admins?

But in this case I can only assume that because the computers are on the same network they have the same IP and Nuke initially recognised it as the same user?

Does that make sense?

Would Nuke do that?

Or will it be one of life's mysteries?

I haven't been able to replicate this problem, so it might be a one off.

Jakec

Guardian2003 · Posted: Tue Apr 11, 2006 2:55 pm

As far as I know, this shouldn't happen even if both machines share the same IP as, theoretically at least, the 'other' machine should not have a cookie for your site on it - unless of course your network set up includes sharing the web browser.

If you have never logged into your admin account from the 'other' computer (assuming your normal user and admin user have different user/passwords) then I would try to replicate it again to be sure but I have certainly never heard of this before.

jakec · Posted: Tue Apr 11, 2006 3:04 pm

Well I worked out that I hadn't logged out of the admin panel on my computer, but like you said it just shouldn't happen.

I work for quite a large company, so I doubt they would be sharing the web browser and I have definately never accessed the site from the other computer.

I'll try and replicate it again.

Jakec

evaders99 · Posted: Tue Apr 11, 2006 4:29 pm

Are those computers running from a proxy server?

jakec · Posted: Wed Apr 12, 2006 6:28 am

Yes, the computers are connected through the internet using a proxy server.

evaders99 · Posted: Wed Apr 12, 2006 8:17 am

It may not be the cookie conflicting, but rather the proxy has cached the page and is returning the same cache to all those computers under it.

You can try these META tags that tell browsers to not cache..

Only registered users can see links on this board!
Get registered or login to the forums!

But I don't know if they work the same as a proxy server

jakec · Posted: Wed Apr 12, 2006 11:23 am

Is it possible to just tell the browser to refresh on opening the homepage?

The only downside is that it would slowdown the site I guess.

Jakec

demontooth · New Member Joined: Apr 04, 2006 Posts: 1

I am having this same problem and I don't know what to do.

Raven · Posted: Fri Apr 21, 2006 3:01 am

Your best insurance is to make sure that you logout of admin before shutting down your browser.