[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] users Session getting mixed up with another
"kyle@invisio.com" wrote:
> ****** message to minivend-users from "kyle@invisio.com" <kyle@invisio.com> ******
>
> This is covered in the archives, search for wideopen.
>
> This is a problem with 3.12 and earlier. To fix upgrade to the newest
> version.
>
>
<snip>
I should have given more details (again!)
I am using 3.14 currently on RHL5.2
This has been reported about 5 times in the last week by users of my site.
It started when I stopped using frames.
I think I will have to stop using the userdb if I cant sort it as i cant afford to have the
risk of someone abusing the problem.
I will look for wideopen to see if it gives any clues.
Macky..
> I would advise if at all possible to go the upgrade route, once you start
> modifying
> these modules you may come to a point where an upgrade will be a big headache.
> Although this modification would not matter in an upgrade, because there is a
> fix in the upgrade that covers this point.
>
> Kyle Cook (KC)
>
> At 03:10 PM 10/11/99 +0100, you wrote:
> >****** message to minivend-users from macky@staktrading.com ******
> >
> >Hi All,
> >I have people reporting that they see another user logged in when
> >browsing our site.
> >I have checked the log and it seems that the session number gets
> >changed to that of another user.
> >This is a bit of a risk as if the user has entered an address and/or
> >card number, the other user will see it.
> >
> >Could this be anything todo with caching of pages with sessionID?
> >I have only seen this since I have taken the pages out of frames.
> >Macky..
> >
> >somebody.co.uk - - [11/Oct/1999:10:15:15 +0100] "GET
> >/shop/images/contact.jpg HTTP/1.0" 304 -
> >"http://online.com/cgi-bin/shop/order?hASFBaMz;27273;810" "Mozilla/4.0
> >(compatible; MSIE 5.0; Windows NT; DigExt)"
> >
> >somebody.co.uk - - [11/Oct/1999:10:15:15 +0100] "GET
> >/shop/images/customer.jpg HTTP/1.0" 304 -
> >"http://online.com/cgi-bin/shop/order?hASFBaMz;27273;810" "Mozilla/4.0
> >(compatible; MSIE 5.0; Windows NT; DigExt)"
> >
> >someonelse.ac.uk - - [11/Oct/1999:11:54:21 +0100] "GET
> >/cgi-bin/shop/contactus?hASFBaMz;;683 HTTP/1.0" 200 9768
> >"http://online.com/cgi-bin/shop/scan/sf=CATEGORY/sf=KEYWORD/se=MEMORY-GENERI
> >C/se=QL?JxthrmfY;;97"
> >"Mozilla/4.5C-SGI [en] (X11; I; IRIX 6.5 IP22)"
> >
> >someonelse.ac.uk - - [11/Oct/1999:11:54:55 +0100] "GET
> >/cgi-bin/shop/contactus?JxthrmfY;;129 HTTP/1.0" 200 9768
> >"http://online.com/cgi-bin/shop/contactus?hASFBaMz;;683"
> >"Mozilla/4.5C-SGI [en] (X11; I; IRIX 6.5 IP22)"
> >
> >
> >-
> >To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> >email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
> >Archive of past messages: http://www.minivend.com/minivend/minivend-list
>
> -
> To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
> Archive of past messages: http://www.minivend.com/minivend/minivend-list
--
*----------------------------------------------------------------*
Stak Trading Networking and Internet Department
Tel: +44 (0)8704 420 445 Fax: +44 (0)8704 420 447
URL: http://www.staktrading.com E-mail: networking@staktrading.com
