Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
7 - 3 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
     

Re: Staying logged in
by allnewtome on 2006/1/14 14:46:44

To answer my own question ...

1. I was telling people the website address with WWW (e.g. http://www.xoops.org)

2. In mainfile.php the XOOPS_ROOT constant had no WWW (e.g. xoops.org)

The discrepancy between 1 and 2 above caused the problem.

I've changed mainfile.php, and will get the bloke that owns the server to change it so that it always goes to the WWW version of the site name.

Hope this is useful for someone else...
Re: Staying logged in
by allnewtome on 2006/1/11 23:23:47

Just came across a problem... never happened before I used autologin, but perhaps it is not caused by autologin...

xoops/error.php?c=1 page comes up when login:
Quote:

Why am I being redirected here?

XXXX site security has detected that your computer has a firewall setting that is preventing you from registering on the site. We use 'Referrer-checking' know as HTTP_REFERER which makes sure that all contents posted are from authorised users only. Your firewall settings are blocking this information, so this will prevent you from registering properly if you try and proceed.


Apparently this is something to do with cookies... I think it's becuase the autologin thing redirects to website.com instead of http://www.website.com, which confuses the cookies! The bloke who owns the server will change it so that it always redirects to the www version.

Maybe I'm wrong - I would welcome your comments.
Re: Staying logged in
by gdamania on 2006/1/2 17:57:59

The autologin hack never really worked for me for some strange reason... sometimes it would keep a user logged in for about 10 minutes, other time it just didn't work after you closed the browser. My site is running XOOPS 2.2.3.

I hope they will add it as a permanent feature in future XOOPS versions.
Re: Staying logged in
by allnewtome on 2006/1/1 23:16:39

Quote:
It's a pretty blatent security hole that I'm sure you didn't intend.


I hoped that they would take the trouble to log out... but, having thought about it again, I agree with you and will be changing it back to the original setting!

Thank you very much
Re: Staying logged in
by terrion on 2006/1/1 23:12:50

Quote:
so that the auto-login option stays on all the time. Hopefully that was a good idea....


The risk here is to people that access the site from a public place or a physically unsecured compter. A computer lab in a university for example.

When person A logs in, since his session can't time out in the usual way, when another person, B, comes up later in the day and goes to your site person B will be logged in as person A. It's a pretty blatent security hole that I'm sure you didn't intend.

Who's Online

155 user(s) are online (92 user(s) are browsing Support Forums)


Members: 0


Guests: 155


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits