MyBB Community Forums
[Security] Session reused on same network - Printable Version



Session reused on same network - ict22 - 2014-12-19

Hi,

I've just installed a version of the board, and a group of users work for the same organisation behind a proxy. They are saying that on initial login they are getting the greeting of another user. They can't actually do anything and are presented with a login page; however, they don't get "Hi, guest".

This didn't use to be a problem on vBulletin 3. Are there any suggestions for how I could check or reconfigure to help those users?

Regards,

JP

Having looked into it a bit further, it seems to be mainly the greeting; the moment anything requires a login (which is everything, as that option is forced), the login box appears.

I'm going to their site in the next few days to see what is happening; it is very strange and doesn't provide them with confidence.


RE: Session reused on same network - VoIP - 2014-12-19

Interesting. I am not entirely sure if your corporate is a private based, but a suggestion is to log in from another network, or use a different IP. This is dangerous indeed. Let me look into how sessions are stored to check out what is happening.


RE: Session reused on same network - ict22 - 2014-12-19

It doesn't seem to do it from any other location. I've tried it from my location on three computers, two phones and two tablets and it seems fine. I had one of the users go outside on their mobile and try it and it was fine as well.

It is purely on that network where they have unattributable internet via a proxy server to their user community.

It is very odd, mainly seems to be the greeting....


RE: Session reused on same network - .m. - 2014-12-19

you can try scrutinizing user IPs

admin panel >> configuration >> settings >> Server and Optimization Options --> Scrutinize User's IP address?
--> select yes & save settings


RE: Session reused on same network - ict22 - 2014-12-19

Thank you for the suggestion.

What does this setting actually do? I mean in the context of MyBB?


RE: Session reused on same network - .m. - 2014-12-19

^ With IP scrutinization, MyBB tries to get the actual IP address of the user.