PDA

View Full Version : Unsafe automatic login



jules
27-10-2004, 15:04
So I'm using a coworker's computer while he's away and mine's in the shop. I tried to create a new login, but a message came up saying I'm in the records as already having a username - I assume it recognized the IP address.

However, instead of making me go back to the main page to put in my username and password, it signed me in automatically and let me jump to whichever folder I wanted - I just did this now. :eek:

This means that my coworker, or anyone else using this computer, could get into my account simply by opening the main expat.ru page and trying to register as a new user. This is, needless to say, not very secure... :confused:

Could you please look into this? :bookworm:

Thanks,
jules

Teutonic Deity
29-10-2004, 01:59
sounds like your co-worker did not log out properly

if he/she didn't, the program would have automatically logged in the next person who started it up as him/her

the fact that they were already logged in is the reason you were unable to create a new account

the proper way to go about it:

log that person out

log in using your name/password

when finished log yourself out

in some rare cases where you can't log out, simply find the "cookies" folder and delete any file you find containing "@expat.ru"

jules
29-10-2004, 15:04
Well, actually I meant that anyone can sign into MY account on this computer. For example, I was logged on, then closed the window, and opened a new window a few minutes later and went to www.expat.ru, clicked on To Register, and it automatically logged me on - now I'm typing this message without having given my password. Apparently the site doesn't automatically log you off when you close your browser.

If there were more Log Out buttons, it would be easier to do that, but I didn't think it would be necessary to log out every time I leave the site - I thought closing the browser would be enough. I just don't think it's very safe that it seems to keep you logged on or something even when you're not on the site. I don't want to have to clear the cookies every time I leave the site...

DPG
29-10-2004, 15:06
There's an option in the user CP of browsing with cookies - if you unclick that it should log you out when you close the browser (I think)? (Also find them on your PC and delete them as TD said above).

Also, to really log out fully, log out from the forums page, and then go to the front page of the site and see if you are still logged in there - sometimes it happens on certain computers, I'm not sure why though...

Tatiana cat
29-10-2004, 15:16
Yes, that's really a problem esp when you use several computers. I always 'log out' but it happened that when I logged in there was no notice that I had new private messages when in reality I had. Well, my messages have not been read but it looked like as someone had logged in exactly under my nickname and password.

BTW, I checked it several times... It looks safe. But in reality I guess somehow it's always possible to work out someone's password...

jules
01-11-2004, 15:00
I'm now back on my own computer, but things are still going oddly - today I signed in with one username, logged off, clicked the home button, put in my second username and password - and it then re-logged me into the first username account, not the second one! :confused: I had to go back to the www.expat.ru index page and log in there in order to get in on my other username...