damian
Posts: 838
|
| Posted: 02/24/2011, 12:38 PM |
|
can i ask a question? can you add a CCGetUserID() or CCGetUserLogin() into your header or footer and check whether you are indeed logged in or if security needs to be re-applied across the site.
If you try to access a (supposedly) secure page directly (eg not from login page) does it actually prompt you to login? if you do it from a computer you have never used before what happens?
_________________
if you found this post useful take the time to help someone else.... :)
|
 |
 |
JohnH
Posts: 10
|
| Posted: 02/24/2011, 3:28 PM |
|
I'll mention wireshark again. I use it to see exactly what is being exchanged in an HTML conversation. It has an option under Analyze->Follow TCP Stream which assembles the conversation so it's readily viewable. You can see what's in the headers, cookies, etc. as the browser and server 'chat' back and forth. Just filter on 'html' packets
.
I find it very useful when I have a confounding problem such as cookies that aren't doing what I think they should be doing.
It's a free and powerful network protocol analyzer available from wireshark.org. I originally used it for actual network troubleshooting but found it's handy for certain pesky programming matters, too.
It would reveal whether cookies are persisting when they shouldn't (most likely) or something else.
|
|
|
|
damian
Posts: 838
|
| Posted: 02/24/2011, 4:00 PM |
|
ill second that one too...
and one other thing to look at - is your local/dev application exhibiting same behaviours or only the live app?
_________________
if you found this post useful take the time to help someone else.... :)
|
|
|
|
Waspman
Posts: 948
|
| Posted: 02/26/2011, 8:47 AM |
|
Just had an offer of a patch for this from another user. YES supplied it to them?
_________________
http://www.waspmedia.co.uk |
|
|
|
Oper
Posts: 1195
|
| Posted: 02/28/2011, 10:38 AM |
|
PhP or ASp
on Common.asp print the variable ccgetuserid()
but doit on the common File after all include.
_________________
____________________________
http://www.7bz.com (Free CMS,CRM Developed in CCS)
http://www.PremiumWebTemplate.com
Affiliation Web Site Templates
Please do backup first |
|
|
|
damian
Posts: 838
|
| Posted: 03/01/2011, 8:52 PM |
|
waspman - did the patch resolve your issue?
_________________
if you found this post useful take the time to help someone else.... :)
|
|
|
|
Waspman
Posts: 948
|
| Posted: 03/02/2011, 12:33 AM |
|
I'll let ya know.
_________________
http://www.waspmedia.co.uk |
|
|
|
jjrjr2
Posts: 131
|
| Posted: 03/11/2011, 6:11 AM |
|
Hi again
Any Solution work???
How does it make U feel waspman.. Yes proivides the fix but Peter chose to just argue..
LOL
Let me know if the patch works and maybe share it.
Thanks
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
jjrjr2
Posts: 131
|
| Posted: 03/11/2011, 6:48 AM |
|
LOL
Just had to prove our point that CCS uses to behave the way waspman & I remember...
Notice. even this forum logs U out when you close the browser.
Also CCSElite does as well
All my new apps developed in CCS (Since some unknown update point to me) logged in users stay logged in even after a re-boot.
I do not know where Peter is coming from.. I agree this is a BIG security hole. Especially on public or shared computers....
Any way, If there is a fix for this can you guys share it??
Thanks
John
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
Oper
Posts: 1195
|
| Posted: 03/11/2011, 7:32 AM |
|
Why anyne dont answer what Damian, Me and Other has Said.
Try to Display on the TOP of the header footer or Somthing this 2 variable
ccgetuserid()
and
ccgetuserlogin()
Please do that .............
_________________
____________________________
http://www.7bz.com (Free CMS,CRM Developed in CCS)
http://www.PremiumWebTemplate.com
Affiliation Web Site Templates
Please do backup first |
|
|
|
jjrjr2
Posts: 131
|
| Posted: 03/11/2011, 6:41 PM |
|
Hi Group..
Found the fix for this But U R not gonna like it so much.
First. Gerrit sent me a file from YES that was suppose to fix the issue.
I tried it and not only did it not work it broke other functionality in an existing site.
So I started to dig into it.
Now here is what U have to do to fix this issue
In Common.php you will find this line of code
define("CCS_EXPIRATION_DATE", 30 * 24 * 3600); .. LOL That's What 2 years?????
Replace it with this..
define("CCS_EXPIRATION_DATE", 0 * 1 * 1);
It is used for some autologin set cookie code that did not used to be in the Versions of CCS that used to work properly.
Also Before anyone asks, the best I can tell it is not involved with the remember me stuff. Also I never set that anyway in any projects. So Let me know if it breaks remember me.. LOL
I have no Idea what Yes was thinking of when they added this. But here is the part U will love.
The Change is in Blue Space code in Common.php and of course changing it turns the whole area into white space.
I have no idea what impact this will have if you change project settings. Some things might not get updated..
So what U might have to do is change it back to default, make your project settings changes, publish, then put back the fix.
If I find anything out in that area I will post.
Geeezzzzz.....
Have Fun!!!!
John
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
jjrjr2
Posts: 131
|
| Posted: 03/12/2011, 1:00 PM |
|
@Waspman.
Did this resolve Your Issue????
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
jjrjr2
Posts: 131
|
| Posted: 03/17/2011, 10:56 AM |
|
Hi Again..
Did a little more looking into this anbd the change I supplied above WILL BREAK the auto login / Remember me feature..
LOL With a little info from Yes Support it does appear it is a setting in the project.. LOL
What appears to have happened, at some point the default setting for this changed and when updating to newer versions broke our projects as it relates to this behavior.
Soo.. What U reallyt should do to cause your application to log out on browser close is dis able the auto login feature for your project.
To do that
Project->Settings->Security
Click the Advanced button
Un-Check the Enable "Remember Me" Feature
Then re-publish
I think after that all will be ok if U want logout on Browser Close.
Pheww......
Let me know if THAT works for U...
John 
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
RoyBaird
Posts: 115
|
| Posted: 03/06/2012, 11:50 AM |
|
That did not work for me. Even after a logoff, I can open a browser window and be at the index page. still looking for a solution.
_________________
Roy |
|
|
|
