Users complaining about already being logged in – with another account.

[kcfancher]

Hey Everyone,

This is my first post on the community forums, and we have just setup and gone live with our Xenforo install.

A couple of days ago I started to get some worrying reports from users saying that when they go to sign-in to their account, they are already logged in. But, it is not their account but another random user from the board.

Any thoughts on this?

Users reported this to me here

 

[kcfancher]

Not sure if this was the right forum or not since I'm not sure if this is a bug or if I'm just doing something incredibly wrong.

 

[Chris D]

I have moved the thread to Troubleshooting for now as I think this is unlikely to be a bug.

Before using XenForo were you using another forum package? If so, which? And what import tool or services did you use to move the data across?

 

[kcfancher]

No, this is the first forum software we've used and we used the 'Installation Service' to set it up. The only customization we have done is to use the 'Xenforo Last Posts' WordPress plugin to display some posts on our WordPress site. I don't think that would be the issue as the configuration doesn't use any of the database permissions.

 

[Paul B]

Disable any add-ons you have installed and any caching you have implemented, to rule out those as factors.

 

[kcfancher]

Thanks for the tips, the only Add-ons I have installed are 'XenForo Enhanced Search', 'XenForo Media Gallery', and 'XenForo Resource Manager'. Should I disable those as well?

Also, I haven't intentionally implemented any caching. Looking in /library/config.php there are no $config['cache'] statements. Do the default to on or off? Should I add $config['cache']['enabled'] = false;

Thanks for your help.

 

[Mike]

There is caching coming from outside of XenForo. XenForo will never return a 304 not modified for its pages (except for some specific exceptions). Simply loading the forum list and refreshing triggered this.

Based on the server header, I see Sucuri/Cloudproxy being used, so I suspect there is caching configured within that. If you're not sure where it's coming from specifically, you should contact whoever setup Sucuri/Cloudproxy.

 

[kcfancher]

We do have Sucuri enabled, I'll talk with the admin of that to see if we have caching setup in front of our forum install. Thank you all for your help. I'm not seeing the 304 but that must be the issue.

 

[kcfancher]

Hey All,

Thank you for your help. About a week ago we disabled the Sucuri caching but as of today we are still having users complaining of the issue. Any further thoughts?

 

[Mike]

Browsing around I didn't see anything obvious, but I wasn't logged in. Can you reproduce it yourself? I did still see a header indicating Sucuri was being used (or at least served through).

Any time (very infrequently) this sort of thing has been reported it has always been down to some sort of caching happening outside of XenForo.

 

[kcfancher]

Mike, thanks for looking at it again. I have not been able to reproduce this myself as of yet. It seems to be a select group of users.

I'm a bit out of my water here, but trying real hard to catch-up. Could you tell me how to see the Sucuri header that you found so that I can try and reproduce that myself.

 

[Mike]

You need to look at the Network tab of Chrome's developer tools and look at the headers. I see:

(See the Server header in the middle.)