4images Forum & Community
4images Issues / Ausgaben => Feedback & Suggestions => Topic started by: AlanShkr on July 07, 2005, 06:34:41 PM
-
Today I got an email from someone saying that the moment he goes to the gallery, he is logged in through my account, so that would explain how our database got ruined the other day, is there any way to stop this from happening? thanks!
-
is there any way to stop this from happening? thanks!
Very simple: never give out a link with sessionid= attached to it!
-
thanks for your help :D, i now asked him HOW he entered the gallery, cause i have given a few links out with session= attacthed to it, so maybe he entered through those. i never knew thats what happens if u give out a URL with session= attached to it :O.
-
well now i dont think thats the problem, someone told me he just clicked enter to the gallery, with no sessions or cat_id numbers attached, just a direct link and he was logged in, what should i do now? :?
-
perhaps they stayed logged in after first time clicking on a link with sessionid. just change your password, and clear 4images_sessions table with phpmyadmin or such. (clear, not delete!)
-
Thanks for replying, I went into my PHPAdmin and emptied the tables. I hope everything is ok now :).
-
and btw, what does clearing the 4images_sessions table do?
-
it just removing the sessions, so if one logged in without checking the "loggin me automaticaly" checkbox (clicking on a link with sessionid does that), then their login info is being saved in the 4images_sessions and 4images is using that info to validate the visitor's login status.
P.S. oh wait...omg...4images v1.7.x does not have 4images_sessions table! never mind...my bad.
-
So then what did I delete? :P Cause I had one, lol, and I emptied it and everything is fine :P. And thanks again :)
-
oh...I guess I should deeper look into v1.7.1 code...
u are right, there is such table, its the session_vars being saved in the php sessions instead of database.
glad it worked :D
-
I`m glad it did too! Thanks again :).