Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Users being automatically logged in, even after logging out
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 08-01-2013, 02:58 PM
findingpeace's Avatar
findingpeace findingpeace is offline
 
Join Date: Nov 2011
Posts: 268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Users being automatically logged in, even after logging out
We have a big security issue here. Several users are reporting that when they log out, and then return to the site, they are still logged in. I have verified it from several different browsers / computers.

Is this a known issue with vBulletin 4.2.1?

Thanks!
Reply With Quote
  #2  
Old 08-01-2013, 03:24 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
What is your site URL? What is your Cookie Domain? Have you tried clearing your cookies for the site?
Reply With Quote
  #3  
Old 08-01-2013, 04:08 PM
findingpeace's Avatar
findingpeace findingpeace is offline
 
Join Date: Nov 2011
Posts: 268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Forum URL: ourdomain
Cookie domain: (blank)
Path to save cookies: /

Yes, I've asked them all to clear cookies and the problem persists
Reply With Quote
  #4  
Old 08-01-2013, 07:23 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Do you have an .htaccess file in place - if so, what is in it? Does your host have any caching enabled on the server (if you aren't sure, please ask them about ANY caching including just using mod_expires or mod_headers)?
Reply With Quote
  #5  
Old 08-02-2013, 12:18 PM
findingpeace's Avatar
findingpeace findingpeace is offline
 
Join Date: Nov 2011
Posts: 268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hi Lynne,

Thanks so much for your quick help.

.htaccess file is empty. However I remember turning on this option in config.php because someone told me it would make my site faster:

Code:
$config['Datastore']['class'] = 'vB_Datastore_Filecache';
Could that be the culprit? I've also opened a case with my hosting company to ask about caching options
Reply With Quote
  #6  
Old 08-02-2013, 12:27 PM
mokujin's Avatar
mokujin mokujin is offline
 
Join Date: Oct 2005
Location: Czech
Posts: 345
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
try to reupload file in ./includes/datastore/datastore_cache.php
I had same problem once few years ago.
Reply With Quote
Благодарность от:
findingpeace
  #7  
Old 08-02-2013, 12:50 PM
findingpeace's Avatar
findingpeace findingpeace is offline
 
Join Date: Nov 2011
Posts: 268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks mokujin! I have re-uploaded the file and also just commented out the line in our config file, since we don't really need the extra speed now that we are on a faster VPS

--------------- Added [DATE]1375457169[/DATE] at [TIME]1375457169[/TIME] ---------------

That did the trick, thank you both for all of the help!
Reply With Quote
  #8  
Old 08-05-2013, 06:54 PM
findingpeace's Avatar
findingpeace findingpeace is offline
 
Join Date: Nov 2011
Posts: 268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hi Lynne,

I spoke too soon, we're still having issues with this across multiple accounts. My host let us know that the following caching is enabled:

eAccelerator
mod_expires
mod_headers

Are these causing that issue?
Reply With Quote
  #9  
Old 08-05-2013, 07:49 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
mod_expires and mod_headers will cause this issue if they are not written correctly.
Reply With Quote
Благодарность от:
findingpeace
  #10  
Old 08-05-2013, 08:25 PM
findingpeace's Avatar
findingpeace findingpeace is offline
 
Join Date: Nov 2011
Posts: 268
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks! Do you know how I can check this? Is it in the apache configuration? Is there a recommendation/standard that I could send along to my hosting company to write it as?

--------------- Added [DATE]1375738366[/DATE] at [TIME]1375738366[/TIME] ---------------

Would it be worth just disabling both for testing?
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:05 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04080 seconds
  • Memory Usage 2,248KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (2)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete