Serious issue: appears to log you in as a different user?

Hi there, I have a pretty serious issue here that a number of users have raised with me. Basically, when a user logs in using the LinkedIn profile link (JFB Connect), they are actually showing up as another user in the top right of my site (my site is a Joomla EasySocial site). It is very, very strange.

This issue has occurred on more than one occasion. I attempted to access my site by entering the main URL into the Chrome browser. When I was redirected to the home page, it appeared that I was logged in under another user's profile. Thankfully, when I selected any other option (messages, notifications, compose new blog etc.), the security login window pops up and basically I don't have access to that user's details as such, but initially it looks that way.

I know this could be the JFB Connect plugin but also EasySocial, but it only happens when using the JFB Connect buttons.

I am thinking it might be a caching issue maybe but I am not sure?

I have gzip compression turned on, a caching plugin installed and general Joomla caching turned on. Is this OK to have turned on or do I need to turn it off?

This is the video of the issue in action: recordit.co/bEbci48cWq

As you can see I am not Aislinn here!!!! and I also needed to click on the profile tab twice to eventually get my username and profile showing up?

Any help would be greatly appreciated as this is very worrying for my users here.

Thanks,
James
The topic has been locked.
Support Specialist
Obviously, that's not the right behavior. Fortunately, that's not something we've heard reported before and not something I think is a true security problem.. though we'll gladly help investigate however we can.

My initial thoughts on that are that you're using the System - Page Cache plugin, which comes with Joomla. If so, it could explain the behavior you're seeing. That plugin will store a copy of a page when it's loaded on the site to your filesystem and then just send that saved copy to any user that requests it. That plugin is *only* for brochure-ware type sites and should not be used on any sites with authentication for the reasons you mention above. It's also disabled by default with any Joomla installation.

Gzip compression wouldn't have any effect on this problem and you can safely leave that enabled.

If you have other caching extensions or options enabled, I'd recommend turning them off, briefly, just to see if the problem goes away. When you turn them off, make sure to clear your browser cache before you try again. Some plugins will instruct your browser to cache some stuff and, even when they are disabled, the browser still keeps those instructions.. which can be extremely frustrating since it will seem like the plugin is still enabled when it isn't.

Try testing without caching and I'm assuming things will work. Then, slowly enable caching settings one at a time and see if there's one magic setting that loads the wrong info for you.

Ultimately though, since Joomla is rejecting requests to edit the 'wrong' profile, it means that Joomla knows the correct user that's logged in.. which again points to caching just flubbing things up.

I hope that helps explain, but if you need anything else, just let us know.

Thanks,
Alex
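
The behaviour described in the reply above, as an added example that is not part of the original thread and is not Joomla's or JFBConnect's code: a toy full-page cache keyed only by URL, next to one that bypasses the cache for logged-in requests. The names `render`, `PageCache` and `skip_logged_in`, and the sample users, are assumptions made for illustration.

```python
# Toy model of a full-page cache (constructed example, not Joomla's code).

def render(url, user):
    """Build the page; the header carries the logged-in user's name."""
    who = user if user else "Guest"
    return f"<header>Logged in as: {who}</header><main>{url}</main>"


class PageCache:
    """Stores whole rendered pages, keyed by URL only."""

    def __init__(self, skip_logged_in):
        self.skip_logged_in = skip_logged_in
        self.store = {}

    def serve(self, url, user=None):
        # Safe mode: authenticated requests never read or write the cache.
        if self.skip_logged_in and user is not None:
            return render(url, user)
        if url not in self.store:
            self.store[url] = render(url, user)  # first visitor's copy is saved
        return self.store[url]                   # every later visitor gets that copy


def demo(skip_logged_in):
    """Three requests for the same URL: two different users, then a guest."""
    cache = PageCache(skip_logged_in)
    first = cache.serve("/home", user="Aislinn")
    second = cache.serve("/home", user="James")
    guest = cache.serve("/home")
    return first, second, guest


if __name__ == "__main__":
    for mode in (False, True):
        print("skip_logged_in =", mode)
        for page in demo(mode):
            print("  ", page)
```

With `skip_logged_in=False` the second user and the guest both receive the first user's rendered header, while any uncached action would still be checked against the real session, which matches the login prompt seen in the thread.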
You're bang on correct, Alex: the page caching plugin is causing this behaviour here. The moment I switch it off, everything works fine.

I turned this on looking for speed, not realizing that of course it's just for brochure sites and not dynamic user-based login sites.
I am now going to slowly test the other caching things I had tried out and give it a go.
Support Specialist
No problem and glad to help. That plugin used to just be called "System - Cache", which was a disaster cause everyone enabled it expecting amazing things.. it always just ends in tears :) "Page Cache" isn't much better, but it's easier to call out that it's a specific type of caching feature and to take caution with it.

Either way, all other forms of caching in Joomla generally shouldn't have any trouble with JFBConnect. Of course, if you do run into something, just let us know and we'll gladly help investigate.

Thanks,
Alex