Re: big problem : session + PHPSESSID [Beginner's Corner]

1

big problem : session + PHPSESSID

2004/8/4 0:35
spacejoee
Not too shy to talk
Posts: 106
Since: 2004/7/25

Hi everybody !
looks like i m having a big problem on my XOOPS 2.6
when i give an url from my site to someone else
exemple :
http://www.mysite.com/modules/xcgal/index.php?cat=10024&PHPSESSID=433abbf96a25f0f26a24f41f3c868e6f

he automaticly get logged as I ! and he have acces to my private messages, my admin panel, and every thing he posts is with my username !

what should i do ?
i can't upgarde to 2.7 because i have many modules (newbbpro xcgal ....) that are not compatible with this lastest version ...

please help

2

Re: big problem : session + PHPSESSID

2004/8/4 1:05
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Of course he will have, you just gave him a live session in you link.

try taking the &PHPSESSID=433abbf96a25f0f26a24f41f3c868e6f bit off, in future.

3

Re: big problem : session + PHPSESSID

2004/8/4 1:09
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Quote:

what should i do ?
i can't upgarde to 2.7 because i have many modules (newbbpro xcgal ....) that are not compatible with this lastest version

On another point, imagine when you have to upgrade due to a massive security problem, you'll be stuck defenceless then, because of so many core modifications?

4

Re: big problem : session + PHPSESSID

2004/8/4 1:09
spacejoee
Not too shy to talk
Posts: 106
Since: 2004/7/25

hi, and thank you for your fast reply,

well, yes of corse it will be okey if i remove the PHPSESSID !
but i just can't ask all my members to do so !
of corse, you, and I, and other web-addicts could easly understand that the PHPSESSID is not necessary, but what about others ?!

there is not any solution for this problem ?
asking all my members to don t give the url would be impossible .

concerning upgarde to v2.7 i m waiting for the new newbbpro ... otherwise i think that i will lose all my posts ...

5

Re: big problem : session + PHPSESSID

2004/8/4 1:18
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

ok don't tell them not too. but your members are logging in with sessions, when they post a link with there session (A session that belongs to them for that session), if it's still a valid session, then the user who gets that link will also use that session.

It's not a bug.

6

Re: big problem : session + PHPSESSID

2004/8/4 1:20
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Quote:

concerning upgarde to v2.7 i m waiting for the new newbbpro ... otherwise i think that i will lose all my posts ...

Newbbpro

or do you mean the new newbb, as newbbpro is a hack?

7

Re: big problem : session + PHPSESSID

2004/8/4 1:28
spacejoee
Not too shy to talk
Posts: 106
Since: 2004/7/25

1 - well, i m using newbbpro ... will it be possible to upgarde to 2.7

2 - well ... is there a way to remove PHPSESSID from the links? it s really creating big problems for me :\ just now, 2 users exchanged their links in an irc chanel ...

Krrrk i m gonna kill my self :s (joke)

8

Re: big problem : session + PHPSESSID

2004/8/4 1:35
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Not tried the pro version, heres a link to a new newbb being developed to replace the default XOOPS one:

http://testsite.xoops2.org/modules/newbb/

The session ID, contains your session information, with out this there wouldn't be a session, hence not loged in.

9

Re: big problem : session + PHPSESSID

2004/8/4 1:36
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

just to add the new newbb is being developed by the Dev Team @

http://dev.xoops.org/modules/xfmod/project/?newbb

10

Re: big problem : session + PHPSESSID

2004/8/4 2:01
spacejoee
Not too shy to talk
Posts: 106
Since: 2004/7/25

okéy ! thank you :) well , when i installed newbbpro (the hack of newbb) it changed the structure of tables ...
are you sure that i can upgrade without any risk ? (end of first question)

for my problem about phpsessid , i ve disabled the "custom sessions" (in french it s : Utiliser une session personnalisée )
and changed the names of my cookies back to : xoops_user

and now when i m surfing on my xoops, i have no more links followed by PHPSESSID ...

is that normal ?

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Re: big problem : session + PHPSESSID

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}