Hello,
I have a Drupal 4.7 website (I think it's 4.7) and some of my users are experiencing login problems. "Alice" will log in and end up inside "Bob"'s account. Alice can see Bob's account details, edit his blog, etc. Alice is 100% logged in as Bob.
Alice and Bob are in the same building, probably behind a firewall.
Does anyone know what could cause this problem? My first guess is that they are using a shared computer and Bob forgot to log out, but I'm not sure that this is true (btw, this is a school, Alice is a student and Bob a teacher, and Bob is not happy that his students can use his account).
How does Drupal store login information? Does it use a cookie? Or does it use the IP address? I have every reason to believe that Alice and Bob would show up as the same IP, so I hope that's not what Drupal uses. If Drupal only uses cookies, then that means that Bob didn't log out, right? Or is there another possibility?
Thanks for the help.
Cheers, Daniel.
Drupal uses cookies, not IP. If other users don't have this problem, then it is probably the same computer.
On 10/9/07, Daniel Carrera daniel.carrera@zmsl.com wrote:
Hello,
I have a Drupal 4.7 website (I think it's 4.7) and some of my users are experiencing login problems. "Alice" will log in and end up inside "Bob"'s account. Alice can see Bob's account details, edit his blog, etc. Alice is 100% logged in as Bob.
Alice and Bob are in the same building, probably behind a firewall.
Does anyone know what could cause this problem? My first guess is that they are using a shared computer and Bob forgot to log out, but I'm not sure that this is true (btw, this is a school, Alice is a student and Bob a teacher, and Bob is not happy that his students can use his account).
How does Drupal store login information? Does it use a cookie? Or does it use the IP address? I have every reason to believe that Alice and Bob would show up as the same IP, so I hope that's not what Drupal uses. If Drupal only uses cookies, then that means that Bob didn't log out, right? Or is there another possibility?
Thanks for the help.
Cheers, Daniel. -- [ Drupal support list | http://lists.drupal.org/ ]
On Tue, 09 Oct 2007 16:23:54 +0200, Cog Rusty cog.rusty@gmail.com wrote:
On 10/9/07, Daniel Carrera daniel.carrera@zmsl.com wrote:
Hello,
I have a Drupal 4.7 website (I think it's 4.7) and some of my users are experiencing login problems. "Alice" will log in and end up inside "Bob"'s account. Alice can see Bob's account details, edit his blog, etc. Alice is 100% logged in as Bob.
Hi, I use this module to log users out automatically: http://drupal.org/project/autologout
Richard
If this is only one user having the problem, another possibility is that Bob wrote down his password somewhere and Alice saw it. Bob should change his password (and not write it down) and see if the problem disappears.
Daniel Carrera wrote:
Hello,
I have a Drupal 4.7 website (I think it's 4.7) and some of my users are experiencing login problems. "Alice" will log in and end up inside "Bob"'s account. Alice can see Bob's account details, edit his blog, etc. Alice is 100% logged in as Bob.
Alice and Bob are in the same building, probably behind a firewall.
Does anyone know what could cause this problem? My first guess is that they are using a shared computer and Bob forgot to log out, but I'm not sure that this is true (btw, this is a school, Alice is a student and Bob a teacher, and Bob is not happy that his students can use his account).
How does Drupal store login information? Does it use a cookie? Or does it use the IP address? I have every reason to believe that Alice and Bob would show up as the same IP, so I hope that's not what Drupal uses. If Drupal only uses cookies, then that means that Bob didn't log out, right? Or is there another possibility?
Thanks for the help.
Cheers, Daniel.
No, it's happened several times among several pairs of students. But that's in a computer lab, so my first guess was/is that the previous user hadn't logged out.
sander-martijn wrote:
If this is only one user having the problem, another possibility is that Bob wrote down his password somewhere and Alice saw it. Bob should change his password (and not write it down) and see if the problem disappears.
Daniel Carrera wrote:
Hello,
I have a Drupal 4.7 website (I think it's 4.7) and some of my users are experiencing login problems. "Alice" will log in and end up inside "Bob"'s account. Alice can see Bob's account details, edit his blog, etc. Alice is 100% logged in as Bob.
Alice and Bob are in the same building, probably behind a firewall.
Does anyone know what could cause this problem? My first guess is that they are using a shared computer and Bob forgot to log out, but I'm not sure that this is true (btw, this is a school, Alice is a student and Bob a teacher, and Bob is not happy that his students can use his account).
How does Drupal store login information? Does it use a cookie? Or does it use the IP address? I have every reason to believe that Alice and Bob would show up as the same IP, so I hope that's not what Drupal uses. If Drupal only uses cookies, then that means that Bob didn't log out, right? Or is there another possibility?
Thanks for the help.
Cheers, Daniel.
On Tuesday 09 October 2007 05:13:44 Daniel Carrera wrote:
Hello,
I have a Drupal 4.7 website (I think it's 4.7) and some of my users are experiencing login problems. "Alice" will log in and end up inside "Bob"'s account. Alice can see Bob's account details, edit his blog, etc. Alice is 100% logged in as Bob.
Alice and Bob are in the same building, probably behind a firewall.
Does anyone know what could cause this problem? My first guess is that they are using a shared computer and Bob forgot to log out, but I'm not sure that this is true (btw, this is a school, Alice is a student and Bob a teacher, and Bob is not happy that his students can use his account).
How does Drupal store login information? Does it use a cookie? Or does it use the IP address? I have every reason to believe that Alice and Bob would show up as the same IP, so I hope that's not what Drupal uses. If Drupal only uses cookies, then that means that Bob didn't log out, right? Or is there another possibility?
Thanks for the help.
Cheers, Daniel.
My personal take on this is that if Bob can't be bothered to log out, then he deserves what he gets, but I know that doesn't fly to well with the user population. :^) I have a site where this was a problem, so I changed the cookie_lifetime setting in the settings.php file to 0 to force the user to be logged out every time they close their browser. Be warned, however, because of the various caches, it may be a while before everyone is completely affected.
Jason Flatt wrote:
My personal take on this is that if Bob can't be bothered to log out, then he deserves what he gets, but I know that doesn't fly to well with the user population. :^)
:-)
I have a site where this was a problem, so I changed the cookie_lifetime setting in the settings.php file to 0 to force the user to be logged out every time they close their browser. Be warned, however, because of the various caches, it may be a while before everyone is completely affected.
Brilliant! Thanks, I'll try that.
Cheers, Daniel.
Try this Add the following code to your index.php After drupal_page_footer(); add at the end of code add: $GLOBALS['tempUser'] = $user;
On 10/9/07, Daniel Carrera daniel.carrera@zmsl.com wrote:
Jason Flatt wrote:
My personal take on this is that if Bob can't be bothered to log out,
then he
deserves what he gets, but I know that doesn't fly to well with the user population. :^)
:-)
I have a site where this was a problem, so I changed the cookie_lifetime setting in the settings.php file to 0 to force the user
to be
logged out every time they close their browser. Be warned, however,
because
of the various caches, it may be a while before everyone is completely affected.
Brilliant! Thanks, I'll try that.
Cheers, Daniel. -- [ Drupal support list | http://lists.drupal.org/ ]
-
Cog Rusty -
Daniel Carrera -
Jason Flatt -
Kalyani Waychal -
Richard Bennett -
sander-martijn