[TYPO3-dev] Solving existing session problems - sole technical approach - Even worse version of the problem: Involuntary hijacking

[Christopher Lörken]

Hello Ries and thank you for your answer.

The users can log in to our game as the wrong user and they can post 
under the wrong names in the forum so I seriously doubt it is a mere 
caching problem. Besides that, most of my own written plugins run as 
USER_INT.

Furthermore, my custom debug logging at various points logs their 
correct IP address with the uid of the hijacked fe_user (taken from 
$GLOBALS['TSFE']).

Thank you,
Christopher


ries van Twisk schrieb:
> 
> On Feb 5, 2009, at 6:35 AM, Christopher Lörken wrote:
> 
>> Hello everyone.
>>
>> We've experiencing some session problems on our site since a few days
>> that are far worse then simply having to log in twice:
>>
>> Our users frequently get the wrong session and are logged in as someone
>> else!
> 
> are you sure these users are wlays getting a not cached version of the 
> site?
> They should be because they are logged in but I think I have seen teh 
> same once....
>  try setting no-cache in TYPOSCRIPT. If that solved the problem then you 
> know
> the area to look into the solve the real problem.... oink :)
> 
> Ries
> 
> 
> 
> 
> 
>