
multiple forums on same webspace (Bugs)

by Auge ⌂, Sunday, September 12, 2010, 01:03 (4947 days ago) @ daniel

Hello

If several forums, say forum A and forum B, are installed on the same webspace and two (different) users choose the same nickname (one in forum A, the other in forum B), then either of these users may log into "his" forum with his password and go to the other forum without logging out - with the effect that he is logged into the other guy's account :-)

That's truly a bug. It seems to be caused by the name settings of the cookies (mlf2_*) which are the same in both forums by default and the PHPSESSID. If you – as the user of forum A – are logged in there, you initialise a session for your nickname. These data (including your nickname) are stored at the server, identified with PHPSESSID. If you change now to the other forum (B), the session is still present (with your nickname of forum A). Forum B will read your cookies (it reads the same cookie names), will find your session and will log in the wrong user.

Possible solution with two independent installations: make the cookie names dependent, i.e. on the database table prefixes (which must be different if only one database is used and should be different with different databases).

Possible solution with partially independent installations: use the same user table in both/all forums. Therefore the table must be upgraded with a field for the forum ID of the registration or it has to be supplemented by a new table if one user is registered for more than one forum on the same server.

In both cases this is future stuff (not yet implemented).

Bye, Auge

--
Never separate garbage, because it has only one syllable!
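
One way to implement the first proposal in the post above (cookie names derived from the database table prefix), as an added example that is not part of the original post or of the forum software's own code. `$tablePrefix`, `$forumPath`, the `forum` session key and the function names are hypothetical; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example, not the forum software's code. Function names, the
// 'forum' session key and the sample values at the bottom are hypothetical.
declare(strict_types=1);

// Build a session cookie name that is unique per installation.
function forumSessionName(string $tablePrefix): string
{
    // PHP session names should be alphanumeric and need at least one letter.
    $clean = preg_replace('/[^A-Za-z0-9]/', '', $tablePrefix);
    if ($clean === null || $clean === '') {
        throw new InvalidArgumentException('table prefix yields an empty name');
    }
    return 'mlf2sess' . $clean;
}

// Same idea for the other cookies the post mentions (mlf2_*).
function forumCookieName(string $tablePrefix, string $purpose): string
{
    return forumSessionName($tablePrefix) . '_' . $purpose;
}

function startForumSession(string $tablePrefix, string $forumPath): void
{
    // Replaces the shared default PHPSESSID with a per-forum name, so
    // forum B never reads the session id issued by forum A.
    session_name(forumSessionName($tablePrefix));
    session_set_cookie_params([
        'path'     => $forumPath,   // browser sends it only below this path
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // Defence in depth: both forums may still share one session store, so
    // bind the session data to the installation that created it and drop
    // any session that was created by a different one.
    if (isset($_SESSION['forum']) && $_SESSION['forum'] !== $tablePrefix) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['forum'] = $tablePrefix;
}

// Constructed sample values for one of the two installations.
startForumSession('forumA_', '/forum-a/');
```

The cookie path alone is not an isolation boundary between applications on one host, which is why the session data is also checked against the installation that created it.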

