I have this problem with certain ISPs and dynamic IPs of them. When 2 members' IP matches, one of them will appear to appear to be logged in as the other user (i.e. user1 logged in as user2 when user1 has the same IP as user2 as a result of dynamic IPs).
Anything which can help solve the problem? Only happens for some ISPs though.
The user identification works with cookies, not with IPs.
Ok I mean, whenever user1 reports the problem that he's logged in as user2, the last login IP of both users will always match.
Are you using any plugins or core edits that might be interfering?
Core MyBB will not have this problem since it depends on the cookies and supports dynamic ips.
Run file verification to check the files.
It only happens for certain ISPs... users of other ISPs, even if their IP matches, the problem won't arise.
Yes, simply having the same IP as somebody else will not mean you get logged in as them. There is a cookie that stores your session ID, and it selects the session for that SID and your IP, and there is a cookie that stores your UID and encrypted password loginkey, it's this that loads the user. To login as somebody else, you'd need to have somebody else's cookies. Even if there are 100 sessions with the same IP, it'll load the one that has the session ID that's stored in your cookie, and when it loads the actual user, it'll load the user based on what is stored in your cookie. The code won't act differently because people are using a certain ISP.
That's from the trend I got. I do understand it's from cookies but... it's weird that it happens only on users from that ISP. So... any idea what caused this? It happened on some other forums I went on also.
Without looking at the database or something we can't really see how it happens. As I said, simply having the same IP will not cause this issue, and the ISP you're using will have no effect either. You could have 100 users with the same IP, they would login as themselves, because the cookies stored in their browser are for their session, and their user. If it's showing them logged in as another person, that means that their mybbuser cookie has the UID and loginkey of another person, and looking at it, the IP and session doesn't even have any impact on that anyway, you don't even need a session for it to load the user, so the IP won't change which user is loaded. A user is loaded solely from the mybbuser cookie. And what 'other forums' has this happened on?? We've not had anybody say anything like this has happened for a while...
Perhaps a proxy that caches pages?
Ok ok those were just something I observed. Could be just mere coincidence. So, any idea why this problem arises? Help is appreciated.
