vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Users being automatically logged in, even after logging out (https://vborg.vbsupport.ru/showthread.php?t=300711)

findingpeace 08-01-2013 02:58 PM
Users being automatically logged in, even after logging out
 
We have a big security issue here. Several users are reporting that when they log out, and then return to the site, they are still logged in. I have verified it from several different browsers / computers.

Is this a known issue with vBulletin 4.2.1?

Thanks!

Lynne 08-01-2013 03:24 PM
What is your site URL? What is your Cookie Domain? Have you tried clearing your cookies for the site?

findingpeace 08-01-2013 04:08 PM
Forum URL: ourdomain
Cookie domain: (blank)
Path to save cookies: /

Yes, I've asked them all to clear cookies and the problem persists

Lynne 08-01-2013 07:23 PM
Do you have an .htaccess file in place - if so, what is in it? Does your host have any caching enabled on the server (if you aren't sure, please ask them about ANY caching including just using mod_expires or mod_headers)?

findingpeace 08-02-2013 12:18 PM
Hi Lynne,

Thanks so much for your quick help.

.htaccess file is empty. However I remember turning on this option in config.php because someone told me it would make my site faster:

Code:
$config['Datastore']['class'] = 'vB_Datastore_Filecache';
Could that be the culprit? I've also opened a case with my hosting company to ask about caching options

mokujin 08-02-2013 12:27 PM
try to reupload file in ./includes/datastore/datastore_cache.php
I had same problem once few years ago.

findingpeace 08-02-2013 12:50 PM
Thanks mokujin! I have re-uploaded the file and also just commented out the line in our config file, since we don't really need the extra speed now that we are on a faster VPS

--------------- Added [DATE]1375457169[/DATE] at [TIME]1375457169[/TIME] ---------------

That did the trick, thank you both for all of the help!

findingpeace 08-05-2013 06:54 PM
Hi Lynne,

I spoke too soon, we're still having issues with this across multiple accounts. My host let us know that the following caching is enabled:

eAccelerator
mod_expires
mod_headers

Are these causing that issue?

Lynne 08-05-2013 07:49 PM
mod_expires and mod_headers will cause this issue if they are not written correctly.

findingpeace 08-05-2013 08:25 PM
Thanks! Do you know how I can check this? Is it in the apache configuration? Is there a recommendation/standard that I could send along to my hosting company to write it as?

--------------- Added [DATE]1375738366[/DATE] at [TIME]1375738366[/TIME] ---------------

Would it be worth just disabling both for testing?

Lynne 08-05-2013 11:28 PM
Remove all the lines and see if it works fine then. Then only add back lines for images and such.

findingpeace 08-06-2013 01:01 AM
I've removed expires, headers, and eAccelerator. Restarted Apache, asked users to clear cookie/cache - they're still having the issue. I even shared screens with them to verify, and it's definitely happening. They click logout, get the "Cookies have been cleared" message, and then go back to the site and are logged in

--------------- Added [DATE]1375754576[/DATE] at [TIME]1375754576[/TIME] ---------------

Here is my apache configuration:

Code:
Apache:
  optmods:
    Access: 1
    Actions: 1
    Alias: 1
    Asis: 0
    AuthAnon: 0
    AuthDB: 0
    AuthDBM: 0
    AuthDigest: 0
    AuthLDAP: 0
    AuthnAlias: 0
    AuthnAnon: 0
    AuthnDBD: 0
    AuthnDBM: 0
    AuthnDefault: 0
    AuthnzLDAP: 0
    AuthzDBM: 0
    AuthzHost: 1
    AuthzOwner: 0
    Autoindex: 1
    Bucketeer: 0
    Cache: 0
    CaseFilter: 0
    CaseFilterIn: 0
    CernMeta: 0
    CharsetLite: 0
    DAVFs: 0
    DAVLock: 0
    DBD: 0
    DIR: 1
    Dav: 0
    Deflate: 0
    DiskCache: 0
    Distcache: 0
    Dumpio: 0
    Echo: 0
    Env: 0
    Expires: 0
    ExtFilter: 0
    Fastcgi: 0
    FileCache: 0
    Fileprotect: 1
    Frontpage: 0
    Headers: 0
    Ident: 0
    Imagemap: 0
    LDAP: 0
    LogAgent: 0
    LogConfig: 1
    LogForensic: 0
    LogReferer: 0
    MPMEvent: 0
    MPMLeader: 0
    MPMPerchild: 0
    MPMPrefork: 0
    MPMThreadpool: 0
    MPMWorker: 0
    MemCache: 0
    Mime: 1
    MimeMagic: 0
    MmapStatic: 0
    Negotiation: 1
    OptionalFnExport: 0
    OptionalFnImport: 0
    OptionalHookExport: 0
    OptionalHookImport: 0
    PHPAsUser: 1
    Proxy: 1
    RaiseFDSetsize: 0
    RaiseHardServerLimit: 0
    Rewrite: 0
    Setenvif: 1
    Speling: 0
    Status: 1
    SymlinkProtection: 0
    UniqueId: 1
    Userdir: 1
    Usertrack: 0
    Version: 0
    VhostAlias: 0
    Watchdog: 0
  version: 2_2
Cpanel::Easy::EAccelerator: 0
Cpanel::Easy::IonCubeLoader: 1
Cpanel::Easy::ModBandwidth: 0
Cpanel::Easy::ModGzip: 0
Cpanel::Easy::ModJk: 0
Cpanel::Easy::ModJk5: 0
Cpanel::Easy::ModMono: 0
Cpanel::Easy::ModMono2: 0
Cpanel::Easy::ModPerl: 0
Cpanel::Easy::ModQos: 0
Cpanel::Easy::ModRuid2: 0
Cpanel::Easy::ModSec: 1
Cpanel::Easy::PHP4: 0
Cpanel::Easy::PHP4::4_4: 0
Cpanel::Easy::PHP4::4_5: 0
Cpanel::Easy::PHP4::4_6: 0
Cpanel::Easy::PHP4::4_7: 0
Cpanel::Easy::PHP4::4_8: 0
Cpanel::Easy::PHP4::4_9: 0
Cpanel::Easy::PHP4::Bcmath: 0
Cpanel::Easy::PHP4::Bz2: 0
Cpanel::Easy::PHP4::CGI: 0
Cpanel::Easy::PHP4::Calendar: 0
Cpanel::Easy::PHP4::Concurrent: 0
Cpanel::Easy::PHP4::Curl: 0
Cpanel::Easy::PHP4::CurlSSL: 0
Cpanel::Easy::PHP4::DBX: 0
Cpanel::Easy::PHP4::Dbase: 0
Cpanel::Easy::PHP4::DiscardPath: 0
Cpanel::Easy::PHP4::DomXslt: 0
Cpanel::Easy::PHP4::Exif: 0
Cpanel::Easy::PHP4::FTP: 0
Cpanel::Easy::PHP4::Fastcgi: 0
Cpanel::Easy::PHP4::ForceCGIRedirect: 0
Cpanel::Easy::PHP4::GD: 0
Cpanel::Easy::PHP4::Gettext: 0
Cpanel::Easy::PHP4::HardPHP: 0
Cpanel::Easy::PHP4::Iconv: 0
Cpanel::Easy::PHP4::Imap: 0
Cpanel::Easy::PHP4::Java: 0
Cpanel::Easy::PHP4::MM: 0
Cpanel::Easy::PHP4::MagicQuotes: 0
Cpanel::Easy::PHP4::MailHeaders: 0
Cpanel::Easy::PHP4::Mbregex: 1
Cpanel::Easy::PHP4::Mbstring: 0
Cpanel::Easy::PHP4::Mcrypt: 0
Cpanel::Easy::PHP4::MemoryLimit: 0
Cpanel::Easy::PHP4::Mhash: 0
Cpanel::Easy::PHP4::MimeMagic: 0
Cpanel::Easy::PHP4::Ming: 0
Cpanel::Easy::PHP4::MysqlOfSystem: 0
Cpanel::Easy::PHP4::Openssl: 0
Cpanel::Easy::PHP4::PDFLib: 0
Cpanel::Easy::PHP4::POSIX: 1
Cpanel::Easy::PHP4::PathInfoCheck: 1
Cpanel::Easy::PHP4::Pear: 1
Cpanel::Easy::PHP4::Pgsql: 0
Cpanel::Easy::PHP4::Pspell: 0
Cpanel::Easy::PHP4::SNMP: 0
Cpanel::Easy::PHP4::SafeMode: 0
Cpanel::Easy::PHP4::SafePHPCGI: 0
Cpanel::Easy::PHP4::Sockets: 0
Cpanel::Easy::PHP4::Swf: 0
Cpanel::Easy::PHP4::TTF: 0
Cpanel::Easy::PHP4::Versioning: 0
Cpanel::Easy::PHP4::Wddx: 0
Cpanel::Easy::PHP4::XmlRPC: 0
Cpanel::Easy::PHP4::XsltSablot: 0
Cpanel::Easy::PHP4::ZendMultibyte: 0
Cpanel::Easy::PHP4::Zip: 0
Cpanel::Easy::PHP4::Zlib: 0
Cpanel::Easy::PHP5: 1
Cpanel::Easy::PHP5::2_17: 0
Cpanel::Easy::PHP5::2_9: 0
Cpanel::Easy::PHP5::3_26: 0
Cpanel::Easy::PHP5::3_27: 1
Cpanel::Easy::PHP5::4_17: 0
Cpanel::Easy::PHP5::5_1: 0
Cpanel::Easy::PHP5::Bcmath: 1
Cpanel::Easy::PHP5::Bz2: 0
Cpanel::Easy::PHP5::CGI: 0
Cpanel::Easy::PHP5::Calendar: 1
Cpanel::Easy::PHP5::Concurrent: 0
Cpanel::Easy::PHP5::Curl: 0
Cpanel::Easy::PHP5::CurlSSL: 1
Cpanel::Easy::PHP5::Curlwrappers: 0
Cpanel::Easy::PHP5::DBX: 0
Cpanel::Easy::PHP5::Dbase: 0
Cpanel::Easy::PHP5::DiscardPath: 0
Cpanel::Easy::PHP5::Enchant: 0
Cpanel::Easy::PHP5::Exif: 0
Cpanel::Easy::PHP5::Expat: 0
Cpanel::Easy::PHP5::FTP: 1
Cpanel::Easy::PHP5::Fastcgi: 0
Cpanel::Easy::PHP5::FileInfo: 0
Cpanel::Easy::PHP5::ForceCGIRedirect: 0
Cpanel::Easy::PHP5::GD: 1
Cpanel::Easy::PHP5::Gettext: 1
Cpanel::Easy::PHP5::HardPHP: 0
Cpanel::Easy::PHP5::Iconv: 0
Cpanel::Easy::PHP5::Imap: 1
Cpanel::Easy::PHP5::Intl: 0
Cpanel::Easy::PHP5::Java: 0
Cpanel::Easy::PHP5::MM: 0
Cpanel::Easy::PHP5::MagicQuotes: 0
Cpanel::Easy::PHP5::MailHeaders: 1
Cpanel::Easy::PHP5::Mbregex: 0
Cpanel::Easy::PHP5::Mbstring: 1
Cpanel::Easy::PHP5::Mcrypt: 1
Cpanel::Easy::PHP5::MemoryLimit: 0
Cpanel::Easy::PHP5::Mhash: 0
Cpanel::Easy::PHP5::MimeMagic: 0
Cpanel::Easy::PHP5::Ming: 0
Cpanel::Easy::PHP5::Mysql: 1
Cpanel::Easy::PHP5::MysqlOfSystem: 1
Cpanel::Easy::PHP5::Mysqli: 1
Cpanel::Easy::PHP5::Openssl: 1
Cpanel::Easy::PHP5::PDFLib: 0
Cpanel::Easy::PHP5::PDO: 0
Cpanel::Easy::PHP5::PDOMySQL: 0
Cpanel::Easy::PHP5::POSIX: 0
Cpanel::Easy::PHP5::PathInfoCheck: 0
Cpanel::Easy::PHP5::Pear: 0
Cpanel::Easy::PHP5::Pgsql: 0
Cpanel::Easy::PHP5::Phar: 1
Cpanel::Easy::PHP5::Pspell: 0
Cpanel::Easy::PHP5::SNMP: 0
Cpanel::Easy::PHP5::SOAP: 0
Cpanel::Easy::PHP5::SQLite3: 1
Cpanel::Easy::PHP5::SafeMode: 0
Cpanel::Easy::PHP5::SafePHPCGI: 0
Cpanel::Easy::PHP5::SilenceDeprecatedPatch: 1
Cpanel::Easy::PHP5::Sockets: 1
Cpanel::Easy::PHP5::Swf: 0
Cpanel::Easy::PHP5::SysTimezone: 1
Cpanel::Easy::PHP5::TTF: 1
Cpanel::Easy::PHP5::Tidy: 0
Cpanel::Easy::PHP5::Versioning: 0
Cpanel::Easy::PHP5::Wddx: 0
Cpanel::Easy::PHP5::WithoutIconv: 0
Cpanel::Easy::PHP5::XSL: 0
Cpanel::Easy::PHP5::XmlRPC: 0
Cpanel::Easy::PHP5::XsltSablot: 0
Cpanel::Easy::PHP5::ZendMultibyte: 0
Cpanel::Easy::PHP5::Zip: 1
Cpanel::Easy::PHP5::Zlib: 1
Cpanel::Easy::PHP5::cPPHPOpts: 0
Cpanel::Easy::PHPSuHosin: 0
Cpanel::Easy::SourceGuardian: 0
Cpanel::Easy::Tomcat::7_0: 0
Cpanel::Easy::Xcache: 0
Cpanel::Easy::Zendopt: 0
_meta:
  implies:
    changed: {}

    circles: {}

  name: PHP Encryption and Image Manipulation (1)
  note: Basic and adds mcrypt, GD and FreeType to PHP along with the Basic configuration options.

Lynne 08-06-2013 05:06 PM
I would suggest posting in the Server Configuration forum over on vbulletin.com for help setting up your server correctly so the caching is disabled for the php pages on your site.

findingpeace 08-07-2013 06:15 PM
Hi Lynne, thank you! They let me know that the issue is allowing both www and non-www access (instead of picking just one), so the cookies remained on one, even if logged out on the other.

Problem is officially resolved

Really appreciate all of your help!!


All times are GMT. The time now is 02:06 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02303 seconds
  • Memory Usage 1,782KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (14)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete