Re: Witango-Talk: variables getting muxed

[William Conlon]

Sounds similar to session hijacking (we had a discussion on this In  
January 2006).  Use cookies instead of passing the userreference in  
the URL.

--bill
On Sep 24, 2007, at 8:02 AM, WebDude wrote:
Mmmmmm...

That sounds like a good idea. Check to see if Vars are set and if  
so, ask them to logout.

John Muldoon
Corporate Incentives
3416 Nicollet Ave S
Minneapolis, MN 55408-4552
612.822.2222
[EMAIL PROTECTED]
<ci.gif>
http://cipromo.com



From: Robert Garcia [mailto:[EMAIL PROTECTED]
Sent: Monday, September 24, 2007 9:52 AM
To: witango-talk@witango.com
Subject: Re: Witango-Talk: variables getting muxed

First, I would remove all references to <@userreferenceargument> in  
urls completely if you are using witango v5.5.

Second, we had an issue like this, and it stumped us for a long  
time, until we watched what the users were doing. Users think, that  
if they open another browser window, or tab, it is a SEPARATE  
space. They may open a second window or tab, and login as another  
employee, for whatever reason, to check something real quick, or  
whatever, then close that window, and expect the previously opened  
window to work as it did, with the former employee. However, the  
new login, from the new window overwrote the user vars, for this  
session, which includes BOTH WINDOWS OR TABS.

The only way to eliminate this, is to check on login, if any or one  
of the user vars are set, if so, you must tell them they have an  
open session that must logout from first. This type of problem  
usually only happens on employee type internal sites, I don't  
usually worry about it with consumer sites.

--

Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/

On Sep 24, 2007, at 7:12 AM, WebDude wrote:

Hi all,
I have a strange thing happening with one of my clients. We are  
still in the process on trying to find the problem. It might be a  
firewall issue on thier end, but I thought I might ask a couple of  
questions here.
I have a site for a company that has around 150 employees. It is  
an employee site. Each employee has a login and password. When  
they login, some variables are set to keep track of the user and  
for them to edit their personal profile. etc. As of Friday, the  
users started getting muxed. In other words, users would login as  
one employee, but it shows them as another. This happened several  
times and I am trying to get to the bottom of it. All users come  
in on a range of IPs, 5 of them, I believe. I tested , retested,  
and tested again, but cannot reproduce the problem on my end. I  
used several machines ALL on the same IP address and logged in as  
different users on all of these machines to see if I could break  
it... and I cannot.
I did notice that some of the URLs I have in some menus did not  
have the <@usereferenceargument> while some did. I changed all  
links in the project to include the <@usereferenceargument> hoping  
this would help in carrying the correct variables while surfing.
Also, since this is a new project and we are still in the testing  
phase, some of the changes I am making are not being seen by some  
of the users on their end. I have had them clear cache, re-log in,  
even reboot thier machines and still these users do not see the  
changes. I assume that they may have a caching server on thier end  
that may be a problem.
The site was running perfectly okay on thier end until Friday, and  
then something changed. So their secondary IT guy told me that  
they just installed a new firewall last week and I am waiting for  
a call from thier primary IT guy (because he set this up) to see  
if the problem could be on their end.
Questions...
Could the fact that some URLs did not have <@usereferenceargument>  
and some did be a problem?
There are a few meta refreshes that go to a different page that  
did not carry the <@usereferenceargument>, could this have been a  
problem?
Could the fact that they are all coming to the site on just a few  
IPs be a problem?
Could their firewall be a problem and what do I need to tell them  
to get it to work correctly? Port 80, of course. Cookie enabled,  
of course... am I missing something?
Sine I already worked on this for a couple of hours this morning,  
I have yet to have them call me with any more problems. I guess  
I'll have to wait and see if I already corrected any problems on  
my end. What's wierd is that I have a couple of forums with well  
over 5000 users for each and I have never had any problems with  
any of these when it comes to keeping users separate. I have never  
built anything like this for users coming in on a limited set of  
IP addresses.
Any insight would be appreciated...
Thanks!
_____________________________________________________________________ 
___
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf

______________________________________________________________________ 
__
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
______________________________________________________________________ 
__
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf


________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf