1
spacejoee
big problem : session + PHPSESSID
  • 2004/8/4 0:35

  • spacejoee

  • Not too shy to talk

  • Posts: 106

  • Since: 2004/7/25


Hi everybody !
looks like i m having a big problem on my XOOPS 2.6
when i give an url from my site to someone else
exemple :
http://www.mysite.com/modules/xcgal/index.php?cat=10024&PHPSESSID=433abbf96a25f0f26a24f41f3c868e6f

he automaticly get logged as I ! and he have acces to my private messages, my admin panel, and every thing he posts is with my username !

what should i do ?
i can't upgarde to 2.7 because i have many modules (newbbpro xcgal ....) that are not compatible with this lastest version ...

please help

2
tom
Re: big problem : session + PHPSESSID
  • 2004/8/4 1:05

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


Of course he will have, you just gave him a live session in you link.

try taking the &PHPSESSID=433abbf96a25f0f26a24f41f3c868e6f bit off, in future.

3
tom
Re: big problem : session + PHPSESSID
  • 2004/8/4 1:09

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


Quote:
what should i do ?
i can't upgarde to 2.7 because i have many modules (newbbpro xcgal ....) that are not compatible with this lastest version


On another point, imagine when you have to upgrade due to a massive security problem, you'll be stuck defenceless then, because of so many core modifications?

4
spacejoee
Re: big problem : session + PHPSESSID
  • 2004/8/4 1:09

  • spacejoee

  • Not too shy to talk

  • Posts: 106

  • Since: 2004/7/25


hi, and thank you for your fast reply,

well, yes of corse it will be okey if i remove the PHPSESSID !
but i just can't ask all my members to do so !
of corse, you, and I, and other web-addicts could easly understand that the PHPSESSID is not necessary, but what about others ?!

there is not any solution for this problem ?
asking all my members to don t give the url would be impossible .

concerning upgarde to v2.7 i m waiting for the new newbbpro ... otherwise i think that i will lose all my posts ...


5
tom
Re: big problem : session + PHPSESSID
  • 2004/8/4 1:18

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


ok don't tell them not too. but your members are logging in with sessions, when they post a link with there session (A session that belongs to them for that session), if it's still a valid session, then the user who gets that link will also use that session.

It's not a bug.

6
tom
Re: big problem : session + PHPSESSID
  • 2004/8/4 1:20

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


Quote:

concerning upgarde to v2.7 i m waiting for the new newbbpro ... otherwise i think that i will lose all my posts ...


Newbbpro

or do you mean the new newbb, as newbbpro is a hack?

7
spacejoee
Re: big problem : session + PHPSESSID
  • 2004/8/4 1:28

  • spacejoee

  • Not too shy to talk

  • Posts: 106

  • Since: 2004/7/25


1 - well, i m using newbbpro ... will it be possible to upgarde to 2.7


2 - well ... is there a way to remove PHPSESSID from the links? it s really creating big problems for me :\ just now, 2 users exchanged their links in an irc chanel ...

Krrrk i m gonna kill my self :s (joke)

8
tom
Re: big problem : session + PHPSESSID
  • 2004/8/4 1:35

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


Not tried the pro version, heres a link to a new newbb being developed to replace the default XOOPS one:

http://testsite.xoops2.org/modules/newbb/

The session ID, contains your session information, with out this there wouldn't be a session, hence not loged in.

9
tom
Re: big problem : session + PHPSESSID
  • 2004/8/4 1:36

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


just to add the new newbb is being developed by the Dev Team @

http://dev.xoops.org/modules/xfmod/project/?newbb

10
spacejoee
Re: big problem : session + PHPSESSID
  • 2004/8/4 2:01

  • spacejoee

  • Not too shy to talk

  • Posts: 106

  • Since: 2004/7/25


okéy ! thank you :) well , when i installed newbbpro (the hack of newbb) it changed the structure of tables ...
are you sure that i can upgrade without any risk ? (end of first question)


for my problem about phpsessid , i ve disabled the "custom sessions" (in french it s : Utiliser une session personnalisée )
and changed the names of my cookies back to : xoops_user

and now when i m surfing on my xoops, i have no more links followed by PHPSESSID ...

is that normal ?

Login

Who's Online

378 user(s) are online (281 user(s) are browsing Support Forums)


Members: 0


Guests: 378


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits