Geeklog Forums
Logged in users asked to log-in repeatedly?
Status: offline
Kent-Weather
Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Hello all,
Is there a specific setting I can set for logged-in users to remain logged in? I had permanent & session timeout set to 0, which worked fine if logged in as admin/root, but even setting the default 28800 and 7200 respectively and refreshing the page (or going to any link within the website itself such as forum[logged out] then to post a new thread) you still get logged out?
Edit: forgot to ask... Is there any reason why I had a normal user able to access my admin panel by pasting the admin panel link? 1.5.2sr4 is the current version I'm using. I've passworded the directory to prevent further risks but am very shocked at the exploit.
Thank you in advance
Status: offline
Kent-Weather
Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
I know, that's why I'm asking how is it possible
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: Kent-Weather
Is there any reason why I had a normal user able to access my admin panel by pasting the admin panel link?
What exactly did the user have access to? It's normal that when a user gets any type of admin access, e.g. for a plugin, that they have access to admin/moderation.php. But they would only see the icons for the areas there that they have access to (plus the icons for Documentation and Logout).
So which additional rights did that user have?
bye, Dirk
Status: offline
Kent-Weather
Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Yes, resolved by same query Dirk but thank you lol.
Any ideas on the cookies still? Or ideal settings to remain signed in on user accounts and not admin?
Chris
Anonymous
We had an issue where signed in users would get dropped quickly and asked to sign back in. The fix for that particular issue is: http://www.geeklog.net/forum/viewtopic.php?showtopic=83631 . Not sure if that's your problem though.
Status: offline
Kent-Weather
Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Hello Chris and thank you for the reply.
Using the code listed in the linked page gives an SQL error
Status: offline
Kent-Weather
Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Bumping this as I have not received a fix and am still experiencing the same problem where users are being logged out after what seems like 10-15 seconds. I've upgraded to 1.6.0rc1 to see if this would help, and it has not....
I'm able to replicate the error by clicking onto different links across my site. It seems to be a site setting I'm missing. Please advise.
Status: offline
Kent-Weather
Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Which file contains the $_CONF['site_url'], please, 1000ideen?
Status: offline
Kent-Weather
Forum User
Junior
Registered: 03/26/09
Posts: 24
Location:Kent, United Kingdom
Deen, in the configuration file via command and control.
http://www.kent-weather.co.uk
siteconfig.php doesn't contain $_CONF['site_url'] and I don't see any other config file relating to the site itself.
What next?
Thank you also for taking the time to help me on this, I gratefully appreciate it.
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Going back to the original post:
Quote by: Kent-Weather
Is there a specific setting I can set for logged-in users to remain logged in? I had permanent & session timeout set to 0, which worked fine if logged in as admin/root, but even setting the default 28800 and 7200 respectively and refreshing the page (or going to any link within the website itself such as forum[logged out] then to post a new thread) you still get logged out?
This doesn't sound right.
There are two timeouts (but three settings) involved here:
The permanent timeout is the one that defines how long the permanent cookie is valid. You can set it to 0 (in the configuration) or "(don't)" (under My Account), so that no permanent cookie is set. The option in the configuration is only the default for new users, the option in My Account overrides it (i.e. that setting is per user).
The other timeout is for how long a session is valid in the database. It's valid for all users. And setting it to 0 is a bad idea.
When the db session times out, Geeklog checks for the permanent cookie, which would log you right back in - if it exists. If you set both timeouts to 0, you will indeed be asked to log in again after every action.
HTH
bye, Dirk
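The interaction of the two timeouts described in the post above, as a small model (an added example, not part of the original thread and not Geeklog's own code). The names `session_timeout`, `permanent_timeout`, `Visitor` and `simulate` are hypothetical, and the model assumes the permanent cookie's expiry is fixed at login and not extended by later requests.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Visitor:
    session_last_seen: Optional[float] = None  # server-side (database) session record
    cookie_expires: Optional[float] = None     # permanent cookie held by the browser


def login(v: Visitor, now: float, permanent_timeout: int) -> None:
    """Interactive login: start a db session, set the permanent cookie if enabled."""
    v.session_last_seen = now
    # A permanent timeout of 0 means no permanent cookie is set at all.
    v.cookie_expires = now + permanent_timeout if permanent_timeout > 0 else None


def handle_request(v: Visitor, now: float, session_timeout: int) -> str:
    """Return how the request was authenticated: 'session', 'cookie' or 'login'."""
    # 1. Is the db session still valid? With session_timeout == 0 it never is.
    if v.session_last_seen is not None and now - v.session_last_seen < session_timeout:
        v.session_last_seen = now
        return "session"
    # 2. Session timed out: fall back to the permanent cookie, if one exists.
    if v.cookie_expires is not None and now < v.cookie_expires:
        v.session_last_seen = now  # silently logged back in
        return "cookie"
    # 3. Neither is valid: the user sees the login prompt.
    v.session_last_seen = None
    return "login"


def simulate(session_timeout: int, permanent_timeout: int,
             request_times: List[float]) -> List[str]:
    """Log in at t=0, then replay requests; the user logs in again when prompted."""
    v = Visitor()
    login(v, 0, permanent_timeout)
    outcomes = []
    for t in request_times:
        outcome = handle_request(v, t, session_timeout)
        if outcome == "login":
            login(v, t, permanent_timeout)
        outcomes.append(outcome)
    return outcomes


# Constructed click times: 10 s, 20 s, 3 h and 9 h after login.
CLICKS = [10, 20, 10800, 32400]
```

With both values at 0 every click ends at the login prompt, which matches the behaviour described in the post; a logout within seconds while the defaults 7200/28800 are in effect is therefore not explained by these timeouts.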