Undesired switching of user accounts

Next topic

Author	Message
Rikard Ahrgren	Thursday 08 January 2009 10:34:35 am I'm not sure if this is the right place, so please bear with me. I have a strange problem in which a user is logged in to another users account by simply accessing the same page as the another within a short period of time. Consider the following scenario: One user logs in and accesses a few pages and logs out. Then another user with exactly the same rights as the first user accesses the same page a couple of minutes later. The second user will then have been switched to the first user's account, but not with the rights to edit the first user's personal information or objects. When the second user accesses another page which the first one haven't he is switched back to his original account, but as soon as he goes to a page the other user has accessed, he is logged back to that user. Worth to mention is that it only works if the users are a member of the same groups. Two different user with different rights does not affect each other. It works no matter if it is from the same computer or two different, from different ip-addresses. I cannot imagine this to be a general bug, but i have no idea why it does so on my site.. I'm quite new to ez publish. Please help me. By the way, I'm using ez publish 3.9.0.
Kristof Coomans	Thursday 08 January 2009 10:50:10 pm Hi Rikard Does this concern pages that were cached by the content view caching system? See http://ez.no/developer/articles/ez_publish_performance_optimization_part_3_of_3_practical_cache_and_template_solutions/caching_overview. If you want to put user specific information into node views, then you need to disable content view caching. independent eZ Publish developer and service provider \| http://blog.coomanskristof.be \| http://ezpedia.org
André R.	Friday 09 January 2009 4:11:15 am ezwebin on eZ Publish 3.9.0 had a issue where it caches pagelayout header (using cache block) pr users with same rights, and not pr user. So your not logged in as another user, it's just another users user name that shows up on the webpage( so no security issue besides seeing the name of another user an his user id in the markup). You can update ezwebin to 1.2 to get the fix, but you'll need to update eZ Publish as the updated uses nested cach-block's witch didn't work on 3.9.0 (fixed in a later 3.9.x version so use latest 3.9.x version or newer). eZ Online Editor 5: http://projects.ez.no/ezoe \|\| eZJSCore (Ajax): http://projects.ez.no/ezjscore \|\| eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription @: http://twitter.com/andrerom
Rikard Ahrgren	Friday 09 January 2009 4:35:47 am Thank you very much for your help! Disabling templatecache in site.ini.append solved my problems Regarding the issue in 3.9.0, it sounds exactly like the problem, but when I used {def $current_user=fetch( 'user', 'current_user' ) } in a template file it also gave the wrong user. And if the user was trying to change personal settings while the wrong name was shown it stated that the apporiate rights was missing for that account.
André R.	Friday 09 January 2009 5:25:53 am fetch current user issue, see Kristof's post. No rights to edit: This is caused by the fact the user id is in the url, so if you get wrong name you also get wrong url. eZ Online Editor 5: http://projects.ez.no/ezoe \|\| eZJSCore (Ajax): http://projects.ez.no/ezjscore \|\| eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription @: http://twitter.com/andrerom

eZ debug

Timing:	Jan 18 2025 22:14:28
Script start
Timing:	Jan 18 2025 22:14:28
Module start 'layout'
Timing:	Jan 18 2025 22:14:28
Module start 'content'
Timing:	Jan 18 2025 22:14:29
Module end 'content'
Timing:	Jan 18 2025 22:14:29
Script end

Main resources:

Total runtime	0.5903 sec
Peak memory usage	4,096.0000 KB
Database Queries	65

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0047	588.0313	152.6406
Module start 'layout'	0.0047	0.0029	740.6719	39.4766
Module start 'content'	0.0076	0.5811	780.1484	604.3281
Module end 'content'	0.5887	0.0016	1,384.4766	16.1406
Script end	0.5903		1,400.6172

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0031	0.5206	16	0.0002
Check MTime	0.0012	0.2102	16	0.0001
Mysql Total
Database connection	0.0006	0.1025	1	0.0006
Mysqli_queries	0.5377	91.0943	65	0.0083
Looping result	0.0007	0.1127	63	0.0000
Template Total	0.5625	95.3	2	0.2812
Template load	0.0020	0.3444	2	0.0010
Template processing	0.5604	94.9372	2	0.2802
Template load and register function	0.0002	0.0332	1	0.0002
states
state_id_array	0.0008	0.1391	1	0.0008
state_identifier_array	0.0007	0.1127	2	0.0003
Override
Cache load	0.0017	0.2833	27	0.0001
Sytem overhead
Fetch class attribute can translate value	0.0006	0.1030	3	0.0002
Fetch class attribute name	0.0013	0.2262	7	0.0002
XML
Image XML parsing	0.0012	0.1963	3	0.0004
class_abstraction
Instantiating content class attribute	0.0000	0.0027	8	0.0000
General
dbfile	0.0018	0.3100	23	0.0001
String conversion	0.0000	0.0014	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
5	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
4	content/datatype/view/ezxmltags/line.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/line.tpl
7	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
3	content/datatype/view/ezimage.tpl	<No override>	extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 21 Number of unique templates used: 6

Time used to render debug report: 0.0001 secs