Thread Rating:
  • 2 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved [General] Users load forum to find themselves logged in another account
Not Solved

I have four users who are experiencing a weird problem: they access my forum and find themselves logged in under a completely different user, even though they are accessing the site on a computer that the other user has never accessed.

The only commonality is that all of them are based in the same city (though again they are using different IP addresses). Any suggestions on what's going on?
Not Solved
To be "already logged in" the cookie must be set in their browser. This sounds really strange, hope you can figure it out and share the answer here...
MyBB is the best forum software! Exclamation

Not Solved
This user has been denied support. This user has been denied support.
I've had this occur a few times at my forums. I count it as an anomaly in the database. Doubtful this can be replicated otherwise we'd see more people report it.
Not Solved
Glitch in the matrix? Smile
Not Solved
I wonder if admin in same city and other user in same city would find himself logged in as that admin?
Not Solved
This problem persists. It's happening with 4 users who are all living in Bangkok. Maybe the country uses some type of filtering software.

I'm currently in Europe.
So Thailand does have some type of a firewalll. Here's what a user told me:

"My wild guess would be an ISP caching issue possibly related to the national Thai firewall."
Not Solved
You're not the first person to report this but with the way the cookies and auto-logging in works I just can't see how it's possible.

Basically the cookie that logs you in is formed by joining your user ID and your login key, separated by an underscore. So if my login key, which is stored in the database for my user, was qwertyuiopasdfghjklzxcvbnm and my user ID was 1, the cookie would be 1_qwertyuiopasdfghjklzxcvbnm. Then when I visit the site it checks if the user ID and login key match a user in the database, and it they do, logs you in. The only way you can login as somebody else is if you had their login key, and user ID, in your cookie, but MyBB won't set someone else's details to your cookie. The login key is a randomly generated 50 character sting, so the chances of having two of those the same is essentially nil, but even if there was 2 the same, the cookie would still need someone else's user ID as well. The locality of the users should have nothing to do with it, however do you know if they are all in the same physical location, like in an office over a network? Though you said they have different IPs so it may not be that... it's just as far as I remember, other people who have had this have been people on local networks and something on their network must share cookies or something weird. I don't know how that would work or why it would be there but I know for sure at least one person, probably more, who had this problem, had it over a local network. But it is still a really weird problem as it happens so rarely.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Not Solved
There are not in the same building, but in all likelihood are using the same ISP. They have sent me screenshots of the forum page when they were logged in to another user's account, with full privileges to post and read PMs.
Not Solved
Right, create a file called cookietest.php, put it in the root of your forum, and put this code in it:

PHP Code:
echo $_COOKIE['mybbuser'];

Ask them to go to and this will echo out the cookie they have that's logging them in. If you could then post that here, and for each user, post what their actual user ID is (at the end of the URL when you visit their profile) - this is of their own account, not the one they're being logged in as. Then I'll see if I can try and connect the dots.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Not Solved
Hi I've got this problem yesterday ;;
And truly the location had nothing to do with it as ALL THE MEMBERS WHO WERE ONLINE THEN encountered it.

Furthermore, when I tried to log myself out, the forums would say I couldn't and that I had to press the Log out button at the top right or something. I pressed. I logged myself out but when I refreshed the page, yeah again I was under another acc.

I personally don't see this as an inconvenience for members, but I see it as a risk for my forums as they can log in my admin accounts ;;

At the moment, the problem has gone away attributing to no reason but I'm afraid it may come back and I'm not always there to close the site on time ;;

So possibly is there anyway to prevent that? Thank you!

PS. The accounts that we were forced to log in were kinda at random I think... ;; Most of them were the ones who were actually online at the moment, but some were not even active members

Forum Jump:

Users browsing this thread: 1 Guest(s)