MyBB Community Forums

Hey guys. I set up a mybb forum system for a school group a couple months ago. All works fine except when we go to post on it from the library computers. Because the school is all under one IP address, all the computers somehow confuse the mybb system and tell everyone they are logged on as someone else. Because this forum system is private I can't let anyone on or provide access publicly. Doing so couldn't even help find the problem anyway. I'm still hoping someone can help though.

When we all go to separate computers in the library and sign in we are told we are logged in as another person that has just logged on, even though we used our own login details. Usually we are all told we are 1 person, who is usually the 1st to log on. To my knowledge its not just displaying we are logged in as someone else, but we actually are. People were able to go under the User CP of other users.

At the same time this was happening, I was on my laptop with a totally separate Internet connection (tethered to my phone) and I did not experience this problem at all. Nobody was logged in as me and I was logged in as nobody. My posting and functions went normally.

I apologize for not being able to tell you any details of the forum, but hopefully you guys can still shed some light on this situation. I'm using mybb version 1.6.4. This is a brand new installation, hasn't been upgraded from anything previous.

If you need any more information that I can provide please let me know. Thanks for your help in advance.

The ip address should not have a say in who is logged on as the login credentials are not dependent on the ip but the username which once verified is stored in the cookie independent of the ip. Your problem seems like a cookie configuration, thats where I would start from.

This thread has more info about the cookies and what they need to set to regarding proper login and logout.

http://community.mybb.com/thread-74904.html

EDIT: It just occurred to me that ips are used in the sessions by php but I doubt this would cause a conflict, I would still start with the cookies.

I can easily duplicate the problem or solve it by ticking or unticking the "remember" box. If "John" logs in on one computer that holds a cookie, then logs in with a second computer, and "Mary" logs in on the computer "John" logged in with, letting the cookie tell MyBB who she is, she's logged in as "John".

Since MyBB won't (AFAIK) run with no cookies, maybe that's a possible mod for 2.0.

@G33K:
The IP can be part of the session ID, but it's not the whole session ID, so it's not a matter of the sessions being confused.

(2011-10-18, 12:32 PM)Rukbat Wrote: [ -> ]I can easily duplicate the problem or solve it by ticking or unticking the "remember" box. If "John" logs in on one computer that holds a cookie, then logs in with a second computer, and "Mary" logs in on the computer "John" logged in with, letting the cookie tell MyBB who she is, she's logged in as "John".

Since MyBB won't (AFAIK) run with no cookies, maybe that's a possible mod for 2.0.

@G33K:
The IP can be part of the session ID, but it's not the whole session ID, so it's not a matter of the sessions being confused.

Just to clarify, does "John" logout before "Mary" logs in? If not then the remember box is working as designed. It is meant to remember you until you logout. If you don't want this then you can remove the remember box so that users don't save their login.