Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
users behind proxy server seeing mixed userids and inboxes
sashae
New
I've gotten a couple of reports from users on my site (running 2.0.18b2) that work in the same office that they've seen instances where their userid/posting identity will get "flipped" -- ie, UserA will hit my site to post, and will post as UserB.
UserB will be able to click on her inbox, and see messages/old whispers from UserA.
This hasn't been reported by any other users, so I strongly suspect it's related to their being behind a proxy server (of some type, they don't know what) in their office.
Any ideas what would cause this, or how to solve it?
UserB will be able to click on her inbox, and see messages/old whispers from UserA.
This hasn't been reported by any other users, so I strongly suspect it's related to their being behind a proxy server (of some type, they don't know what) in their office.
Any ideas what would cause this, or how to solve it?
Tagged:
0
Answers
UserIDs get mixed up, Inbox threads are visible to other users (but permission denied is given if the user attempts to click on a thread.) This is definitely problematic -- is there something being done that caches user display based on IP?
Could you update to the latest unstable? I saw a commit about caching (stuff set to tell proxies not to cache certain things).
It will surely help.
https://github.com/vanillaforums/Garden/commit/7dd2f630e15c4d2d4f53f8179abe4d6f056b0314