[support] Login issues
Jason Flatt
drupal at oadaeh.net
Tue Oct 9 14:41:16 UTC 2007
On Tuesday 09 October 2007 05:13:44 Daniel Carrera wrote:
> Hello,
>
> I have a Drupal 4.7 website (I think it's 4.7) and some of my users are
> experiencing login problems. "Alice" will log in and end up inside
> "Bob"'s account. Alice can see Bob's account details, edit his blog,
> etc. Alice is 100% logged in as Bob.
>
> Alice and Bob are in the same building, probably behind a firewall.
>
> Does anyone know what could cause this problem? My first guess is that
> they are using a shared computer and Bob forgot to log out, but I'm not
> sure that this is true (btw, this is a school, Alice is a student and
> Bob a teacher, and Bob is not happy that his students can use his account).
>
> How does Drupal store login information? Does it use a cookie? Or does
> it use the IP address? I have every reason to believe that Alice and Bob
> would show up as the same IP, so I hope that's not what Drupal uses. If
> Drupal only uses cookies, then that means that Bob didn't log out,
> right? Or is there another possibility?
>
> Thanks for the help.
>
> Cheers,
> Daniel.
My personal take on this is that if Bob can't be bothered to log out, then he
deserves what he gets, but I know that doesn't fly to well with the user
population. :^) I have a site where this was a problem, so I changed the
cookie_lifetime setting in the settings.php file to 0 to force the user to be
logged out every time they close their browser. Be warned, however, because
of the various caches, it may be a while before everyone is completely
affected.
--
Jason Flatt
http://www.oadaeh.net/
Father of Six: http://www.flattfamily.com/ (Joseph, 14; Cramer, 12; Travis,
10; Angela; Harry, 7; and William, 12:04 am, 12-29-2005)
Linux User: http://www.xubuntu.org/
Drupal Fanatic: http://drupal.org/
More information about the support
mailing list