 Security problem/breach (Session problem??)

telmiger

Posts: 61
Posted: 07/28/2004, 7:21 AM

I designed an application and used the standard security provided from CCS: username, password, security groups.

The application is in a test phase and multiple people are using the site now.

Today when I tried to go into the site I did not have to log in. I was already logged in as a User.

The User displayed was not one I ever used to log in with. I am guessing it was probably someone that had just logged into the system.

Is this a problem with CCS or is it a problem with the server environment?
APACHE/ MYSQL?

How can I prevent this from happening again?

Any help would be appreciated.

Tony Elmiger
kwillis
Posted: 07/28/2004, 7:56 AM

Sounds like session variables aren't being deleted when a session
terminates.

Sounds more like a web-server configuration problem.

RvR
Posted: 07/28/2004, 7:58 AM

Hi

1 Did you connect via proxy?
2 Did some other user connect from the same workstation as you just before you?

CCS stores security data in Session.
This may be a session problem in your environment.
telmiger

Posts: 61
Posted: 07/28/2004, 8:11 AM

Thanks for the quick reply.

The application is located on a web hosting account.
There are no other users that connected from my workstation.

My web hosting provider uses the following application versions:
APACHE 1.3.31 (Unix)
PHP 4.3.8
MYSQL 4.0.20-standard
telmiger

Posts: 61
Posted: 07/28/2004, 8:12 AM

Oops, the form just got submitted.

Could the problem be that maybe some database connections have not been closed in my custom code?

Otherwise I will check my web hosting provider

Tony Elmiger
RvR
Posted: 07/28/2004, 8:19 AM

I think that the database connection is not the problem in this case.
telmiger

Posts: 61
Posted: 07/28/2004, 12:04 PM

I think I figured out what is going on.

I was logged into another application that I designed with CCS. In this app I am UserID 19, GroupID 10.

When I visit my other app, a completely different app, it uses the UserID and GroupID from the application I logged in to before. The name that shows up has the UserID 19 and I have the GroupID access level 10.

Both apps are placed with the same service provider but use different databases.

Is this normal behavior? I am using Firefox as a browser.
peterr


Posts: 5971
Posted: 07/28/2004, 12:08 PM

This looks like normal behavior if the server shares the sessions between Websites. Probably not all Web servers act like this, for example if you set up virtual servers or directories.
You can prevent this by renaming the session variables in Project -> Settings -> Security -> Advanced, so that each application uses different session names.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
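
The isolation described in the last reply, shown as an added PHP example that is not from the thread and is not CodeCharge Studio's generated code: each application keeps its login under its own session variable names and its own session cookie, so a login to one application cannot satisfy the check in another. `APP_ID`, `APP_PATH`, the key names and the function names are hypothetical, and the code targets current PHP (7.1 or later), not the PHP 4.3.8 mentioned in the thread.

```php
<?php
// Added illustration; not CodeCharge Studio's generated code.
// APP_ID, APP_PATH and the key names are hypothetical.
const APP_ID   = 'inventory';      // unique per application
const APP_PATH = '/inventory/';    // URL path this application lives under

// Give this application its own session cookie, so a browser logged in to
// another application on the same host does not present that session here.
function start_app_session(): void
{
    session_name('SID' . APP_ID);
    session_set_cookie_params(0, APP_PATH);   // lifetime, cookie path
    session_start();
}

// Store the login under application-specific keys (the effect of renaming
// the session variables per project).
function app_login(array &$session, int $userId, int $groupId): void
{
    $session[APP_ID . '_UserID']  = $userId;
    $session[APP_ID . '_GroupID'] = $groupId;
}

// User id logged in to THIS application, or null if there is none.
function app_user_id(array $session): ?int
{
    $key = APP_ID . '_UserID';
    return isset($session[$key]) ? (int) $session[$key] : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: session data written by a different application
    // that uses generic variable names on the same session store.
    $session = ['UserID' => 19, 'GroupID' => 10];

    // A check against the generic name accepts the other application's login.
    var_dump(isset($session['UserID']));
    // The application-specific check finds no login for this application.
    var_dump(app_user_id($session));

    // After a login to this application, the check returns its own user id.
    app_login($session, 4, 2);
    var_dump(app_user_id($session));
}
```

In a web request, `start_app_session()` would run before any output and the functions would be passed `$_SESSION`.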