Users are being turned into another user.Sessions?

Ok this is weird. I've never noticed it before until a recent major issue. The occurrence that got my attention was this:

 

A member logged on at the same time as myself created an EvoWall post upon submitting they were logged out and the post showed up under my avatar and name.  I contacted them and made sense of it for good client support.  I instantly thought I needed to seek out support for EvoWall but following I am experiencing other issues.  When I go to my account page and click on certain sub-menu items like "Privacy groups", Modzzz Ultimate Email Notifications, and a couple others it changes my avatar to another member entirely and I take on their identity.  If I leave that page and click to visit my profile or another action it remains my own original profile rather than the member avatar and identity that it exchanged me for.  I can click on other mod installs like Raffles and things from other authors and it again makes my avatar that of another members. I am not aware of the possible scenarios that are causing this.

Any ideas? I trying to fix this before others notice what will appear to be a security flaw though I know it probably isn't. Thanks

9 Jun 2014

Someone mentioned maybe an spam module I have installed which is Deanos anti spam but its been in place for a long time with no issues. I disabled it and cleared the cache to find it has no effect on this issue.

9 Jun 2014

This issue also changes my displayed status message to take on that of another member who's avatar is showing.

9 Jun 2014

Sorry to keep posting information but I am posting it as I learn more.  I visited the forums and It gives me the avatar and status message of another member.  However, if I make a post it still shows under my correct account.  I have closed the site to maintenance to protect member interest and avoid confusion.  I have tested under other accounts and this happens for everyone.  It has to be corrected before I can bring it back online.

9 Jun 2014

What's your current version?

There is something similar in these topics,

http://www.boonex.com/forums/topic/Profile-Info-does-not-show-the-correct-name.htm

http://www.boonex.com/trac/dolphin/ticket/3119

ManOfTeal.COM a Proud UNA site, four years running strong!
9 Jun 2014

There is also this.  http://www.boonex.com/forums/topic/Help-Possible-Bug-Avatars.htm

I would start by turning off all caching in dolphin for a while and see what happens. I have always believed there is a problem with dolphins caching system and could be the cause of most problems in dolphin.

https://www.deanbassett.com
9 Jun 2014

@myhuntprofile i have also had occasions when somebody else's icon shows when i go to a sub menu such as photo's, it seems to show the image of the last profile i viewed although i've never taken on their identity, i haven't launched my site yet so it's just on a list of things to do but thought i would let you know that it's not just you it happens to and i would like an answer too, 

@deano92964 sorry for this totally newbie question, you have helped me in the past (and many others i'm sure) by saying that on a development site that all cache should been turned off and you have said to turn it off in this post, so would you mind explaining exactly why we need the cache turned on (on a live site), does it speed up the site? give the user a better experience? or what? because quite frankly i don't have a clue and it just seems to cause problems when it's turned on

9 Jun 2014

 

does it speed up the site? give the user a better experience? or what? because quite frankly i don't have a clue and it just seems to cause problems when it's turned on


Yes. With the cache on, the site is faster. That is the point of caching.

I cannot tell you why dolphin has so many problems when it's on. All i can tell you is i have been running dolphin for 6 years now and have kept caching off for html, css and js. The others are on. Those 3 seem to be the problem ones. And with them off i have not had any problems with my site.

https://www.deanbassett.com
9 Jun 2014

 

somebody else's icon shows when i go to a sub menu such as photo's, it seems to show the image of the last profile

 
I do know that issues like that can occur when the default values for the page block cache is changed in the page builders. Page block caching can only be set at a value higher than 0 for blocks that contain static content. If a block has content that changes frequently or is different for each user that is logged in, then caching on that block has to be set at 0. So that would be the thing i suggest you look at.

https://www.deanbassett.com
9 Jun 2014

@deano92964 many thanks for clearing that up for me

9 Jun 2014

now i've taken the time to look at this, i now notice that it happens all the time, if i clear everything (including browser cookies), whichever is the first profile i view, that profile's photo (not avatar as i don't have that installed) shows up as the main icon whenever i go to another module, such as photo's, video' etc, if they have a status message that shows up also, even if i view other profiles it still shows the photo of the first profile that i viewed as the main icon instead of the Font Awsome (i think that's what they're called) that should be there, i've tried all cache off, some off, all on, nothing makes any difference, now i know about it happening all the time is going to drive me nuts, anybody got any thoughts please?

9 Jun 2014

Have you added any caching methods to your .htaccess file.

Something like an expires caching section that looks similar to this.

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
## EXPIRES CACHING ##

If so, then remove that from your .htaccess file.

https://www.deanbassett.com
9 Jun 2014

 

Have you added any caching methods to your .htaccess file.

Something like an expires caching section that looks similar to this.

## EXPIRES CACHING ##

ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"

## EXPIRES CACHING ##

If so, then remove that from your .htaccess file.

 just had a look, i've got nothing like that 

edit: sorry myhuntprofile, i feel like i've completely hijacked your post

9 Jun 2014

Any other caching such as external caching like CloudFlare?

Sorry to keep pushing caching, but that still is what i believe the problem is. Some kind of caching is going on.

https://www.deanbassett.com
9 Jun 2014

 

if i clear everything (including browser cookies),

 Cookies have nothing to do with this. It's the browser cache you should be clearing after you shut off dolphins caching.

https://www.deanbassett.com
9 Jun 2014

 

Any other caching such as external caching like CloudFlare?

Sorry to keep pushing caching, but that still is what i believe the problem is. Some kind of caching is going on.

 i have no other caching as far as i know, don't know if this helps but i've just noticed that if i close my browser then open it again (without resetting it or clearing anything) and go straight to photo's (or video's etc) the font awesome shows, as soon as i view a profile then go to photo's it shows their photo in place of the font awesome again (and as i say their status message as well if they have one)

9 Jun 2014

I turned off the cache completely, deleted all browser cache, cookies, etc.  The problem appeared to not be there anymore and look normal until I visited another members profile. From that point on it reverts back to doing the same thing. Shows the other members avatar and status message as before in place of my own. It is going to make members think they have accessed anothers account and their security wont feel so confident though that is not the case it is appearance.

 

@ClubandOnline, You are not hijacking the thread. We need some help and have the same problem. Your helping progress the issue while I was sleeping. Helps out. Thanks.

 

Thanks Deano for your suggestions as well they seemed a very likely culprit and maybe still is but I do not know any other way to address the cache.  I do not use any block cache. Everything is "0".

@ Newton- I run 7.1.4. Should be clear of a version issue.

9 Jun 2014

Maybe a long shot but could this be a template issue? What template do you use ClubandOnline if you don't mind sharing.  Because you can never change anothers status message or avatar but instead it just displays them on particular sections of the site only.  I don't know much about templates. I would assume they don't contain code to cause this issue but thought I would ask since it is a display issue..

9 Jun 2014

 

What template do you use ClubandOnline

 i use the BlackisBlack template, i thought the same as you about the template issue and switched back to the uni as the default template, then cleared everything, but i'm still getting the exact same problem, one thing i have noticed is that it's just on the main and sub menu, i.e. if i go to photo's it will show the members thumbnail and their status, but if i actually view a photo, their thumbnail and status don't show anymore and the font awesome icon shows as it should, so maybe it's a menu problem, unfortunately i haven't got a clue what that problem might be

9 Jun 2014

ClubandOnline would you mind messaging me your site url? Maybe we have some mods in common causing this. If I could take a look I could test the theory since I can not replicate this in the demo.

9 Jun 2014

While you may have done so, after turning off Dolphin caching, clear your browser cache, go to admin, tools, cache, and clear all several times.  Then either using your file manager in your control panel or ftp, clear /cache and /cache_public directors leaving the .htaccess file in place.  Then for good measures force  your browser to fetch the page from the server; not sure about now but FireFox use to leave things in place even after you told it to clear the cache.

Geeks, making the world a better place
9 Jun 2014

hi gg, tried everything you said, also tested everything in firefox, chrome and IE, but it's still the same, as mentioned earlier it only does it while looking at a main menu or sub menu page, if you actually go to a specific photo or video etc, it's ok, so maybe there is a conflict somewhere

10 Jun 2014

 

hi gg, tried everything you said, also tested everything in firefox, chrome and IE, but it's still the same, as mentioned earlier it only does it while looking at a main menu or sub menu page, if you actually go to a specific photo or video etc, it's ok, so maybe there is a conflict somewhere

Have you added anything to your site that may have changed how sessions are handled?

Geeks, making the world a better place
10 Jun 2014

 

Have you added anything to your site that may have changed how sessions are handled?

 not as far as i know

10 Jun 2014

What version of php you're running and do you have any other cache system like xcache/apc/memcache, anything like that?

so much to do....
10 Jun 2014

I have memcache but its not activated. I turned off all file cache for testing.  Ive also not installed anything I know of that affects sessions but Im not to knowledgeable about sessions.  It appears the only thing we have found in common so far between myself and clubland is modzzz raffles.

10 Jun 2014

 

I have memcache but its not activated. I turned off all file cache for testing.  Ive also not installed anything I know of that affects sessions but Im not to knowledgeable about sessions.  It appears the only thing we have found in common so far between myself and clubland is modzzz raffles.

and your php version is?

so much to do....
10 Jun 2014

uninstalled raffles but as we thought it's not that because the problem is still there, 

all cache turned off, no other cache systems running, 

PHP 5.3.26

10 Jun 2014

My php is 5.3.28

10 Jun 2014

ok take the url to any person avatar and put it here http://web-sniffer.net/

and copy paste or screenshot the response headers.

so much to do....
10 Jun 2014

this is what i got when i put in a members profile url (i don't have the avatar mod installed), 

 

Edit: sorry if this is not what you meant but i am well out of my depth now

image.jpg · 225.2K · 278 views
10 Jun 2014

My screen shot will not attach from my mobile I guess. Ill post the info soon as I get to a desktop

10 Jun 2014

 

this is what i got when i put in a members profile url (i don't have the avatar mod installed), 

 

Edit: sorry if this is not what you meant but i am well out of my depth now

I checked your site (dolphin 7.0.x), its not the client side caching for sure.

EDIT: When you see other people avatar on someone's else profile do you get logged in with their id in site or you stays logged in to your own account.?

so much to do....
10 Jun 2014

Here is some copy and paste instead.

 

Connect to 50.31.74.229 on port 80 ... ok

 

GET /Jason HTTP/1.1[CRLF]

Host: mysite.com[CRLF]

Connection: close[CRLF]

User-Agent: Web-sniffer/1.1.0 (+http://web-sniffer.net/)[CRLF]

Accept-Encoding: gzip[CRLF]

Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]

Cache-Control: no-cache[CRLF]

Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]

Referer: http://web-sniffer.net/[CRLF]

[CRLF]

HTTP Response Header

 

Name Value Delim

Status: HTTP/1.1 200 OK

Date: Tue, 10 Jun 2014 02:12:05 GMT 

Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0d mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 

X-Powered-By: PHP/5.3.28 

Set-Cookie: memberSession=3sGHiPVQh%2B4u5.AXf.n%3DeR%21gwUv%3FQBbf; path=/; httponly 

Vary: User-Agent,Accept-Encoding 

Content-Encoding: gzip 

Content-Length: 80 

Connection: close 

Content-Type: text/html 

Content (encoded: 0.08 KiB / decoded: 0.06 KiB)

 

<br /><b>checkAction()</b> fatal error. Unknown action ID: 1<br />

10 Jun 2014

 re

Ill post the info soon as I get to a desktop

 This may seem like a strange question, but are you under 30 or over 30 years old?

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
10 Jun 2014

 

 re

Ill post the info soon as I get to a desktop

 This may seem like a strange question, but are you under 30 or over 30 years old?

 

 I am neither Houston.  I am 30. I assume you reference my abilty to provide a screen shot but I am at work so I copied and pasted the results. My phone either in desktop mode or mobile viewing will not connect files to the forum here on my android device.  

10 Jun 2014

 

EDIT: When you see other people avatar on someone's else profile do you get logged in with their id in site or you stays logged in to your own account.?

 no it's still my account, i just see the thumbnail and status message (or headline) of the very first profile i viewed, even if i view another 10 profiles, as soon as i go to photo's or videos etc it shows it shows the thumbnail etc of the first profile, as i've mentioned before, it only does it on the main menu and sub menu pages, if i actually view a single photo or an album everything is as it should be, i.e. with the font awesome icon and no thumbnail from the first profile i viewed, 

also i'm running 7.1.4 not 7.0.x

10 Jun 2014

May be another stupid question or you have already mentioned it and I missed it, but does this happen when you are logged in as a regular user and NOT an admin too?

Nothing to see here
10 Jun 2014

 

This may seem like a strange question, but are you under 30 or over 30 years old?

 i noticed your other post so no it's not a strange question and am 47 and love a desktop!

10 Jun 2014

 

May be another stupid question or you have already mentioned it and I missed it, but does this happen when you are logged in as a regular user and NOT an admin too?

 this happens even if you are not logged in at all

10 Jun 2014

This happens on non admin accounts as well. I've tested to confirm.

10 Jun 2014

I know you turned off the caching according to your post, but did you manually remove the files from /cache_public, /cache, and /tmp except for the .htaccess?

 

When I say manually, I mean using an FTP client or cPanel/Plesk file manager. Don't trust the clearing in the admin panel.

Nothing to see here
10 Jun 2014

 

When I say manually, I mean using an FTP client or cPanel/Plesk file manager

 i most certainly did sir

10 Jun 2014

Previously you stated that you didnt have the Avatar module installed. For sheets and grins, have you tried installing it to see what happens?

Nothing to see here
10 Jun 2014

 

Previously you stated that you didnt have the Avatar module installed. For sheets and grins, have you tried installing it to see what happens?

  just installed the avatar mod but no change, even went into advanced settings and changed member thumb from profile photo to avatar and member thumb icon from profile photo icon to avatar icon just to be sure

10 Jun 2014

ok i've been at this 13 hours now and its gone 4am, can't do anymore today i'm shattered, would just like to say a big thank you to all of you that have tried to get this sorted, i just hope i haven't got to throw the hole thing away and start with a fresh install

10 Jun 2014

Is this an original 7.14 install or an upgrade?

 

Really not sure how this would be happening since it was supposedly fixed in 7.1 with these 2 changes:

http://www.boonex.com/trac/dolphin/changeset/17548

 

Verifying that your files have the additions (or removals) mentioned in the changeset, the only other thing I can think of is to install a new instance (demo) in a subdirectory of your root and see if it happens there too.

Nothing to see here
10 Jun 2014

I had that same problem a while ago. It ended up being a mod I installed. It did not happen right away. It took weeks before it messed up. I was at wits end and about to shut the whole thing down. Found it out by shutting off all mods. But before you try that make sure you take a full back-up of your database..  I then installed all the mods back one by one and it was all normal. Then I put the old database back and got the problem back. So I shut one by one off to find out which one it was.. I forgot what one did it to me. I think it was one of modzzz but not sure.. I know whom ever mod did it, They fixed it after I found it and told them what was happening..

10 Jun 2014

Mine is an upgrade Zarcon.  Trucking space thanks for that info. Wish you could remeber which mod it was. Any old forum subscriptions you might have that would refresh your memory? I am going to start a similar process as you had done.

10 Jun 2014

Ok I am demolishing site features one by one. Firstly I discovered an odd side effect of completely turning off cache.  Certain page blocks no longer display and the member bar is gone. Also the login button that pops up the form does not work. Turning cache back on and everything returns to normal? Weird?

 

2ndly, I have uninstalled Modzzz auto mailer, raffles, ultimate referrals, referrals contest, and birthday mail by andrew p.  None of these have any effect on the problem.

Attached is a screen shot of the issue which the content being displayed is not my avatar nor my status message.

 

avataruserswitch.png · 36.4K · 251 views
10 Jun 2014
10 Jun 2014
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.