Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon
Community Center F.A.Q (Last Updated: 2024 Dec 20 3:22 am)
It's because the site uses persistent cookies for the session. If someone sends a link with their session ID in it, you log in and you're them. The solution is for the person to be very sure they don't have their session ID included in the link, but also if they log out, you won't be able to log in as them. Personally, I think this is really sloppy coding, and I know for sure that there are better ways to handle sessions and cookies, but I'll let other people argue about it. I mostly wanted to pass on the information about how to work around it. bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
Just to prove ernyoka1's point... this is me... Ziggie... while I have been switched to her identity again. I have full access to everyting that ernyoka has on this site. Lets have a peek in accounting.... mmmm..... You made HOW MUCH... Holy Cow... Batman....! I wouldn't do that... but someone else might. the Real ziggie
FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
 Using Poser since 2002. Currently at Version 11.1 - Win 10.
And to once again prove the point, now this is me, ernyoka1. And looking at ziggie's account... PUNY :oP And as ziggie said (while impersonating me) - WE wouldn't do it to each other, but someone else might. For the record, since I guess you log it, my IP is 62.107.40.24 ~The One and Only ernyoka1
"You don't have to be mad to use Poser... but it helps"
Elizabyte. It's not the whole explanation though. Because I NEVER sent ziggie any links. I can fully understand how I can become HIM (just send a link including the sess.id and sess.key and voila) but as I NEVER sent HIM anything, it really worries me. And I just encountered another oddity. I logged out (since I was ziggie) and logged in - as my self, with my own username AND password. Yet when the login was completed, I was STILL ZIGGIE! But now I'm myself again. And my IP is still 62.107.40.24. ~The One and Only ernyoka1
FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
 Using Poser since 2002. Currently at Version 11.1 - Win 10.
And I just encountered another oddity. I logged out (since I was ziggie) and logged in - as my self, with my own username AND password. Yet when the login was completed, I was STILL ZIGGIE! Oh, that IS weird. Hmm. Once this happened to me with someone else (a friend, thankfully). She was me, I was her, it was just weird. No idea what caused it, other than something bizarre with the cookies and so forth. I logged out and then logged back in and so did she, and it never happened again. bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
I didn't delete any cookies. But that STILL does NOT explain how I can get a cookie that was meant for ziggie either. Again, I can understand how the opposite can happen since he sent me a link that contained his sess.id and stuff. But NOT the other way around!
Message edited on: 11/20/2004 18:01
FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
 Using Poser since 2002. Currently at Version 11.1 - Win 10.
Dee, I'm not having a problem now. :-) I did once a while ago, but it never repeated. I believe that was because of a poorly formed link that had the session ID in it. As mentioned, the logging out then fixed it. bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
Heh, I tried to tell them that their damn session ID and wotnot was causing seriously screwed up problems some months ago. I got fobbed off with "we're looking into it"... and guess what? Nothing was done, nobody ever came back with anything more than the "we're looking into it". And now another predictable problem shows how it's messed up - seriously messed up. It would have been better if the response had been more honest "thankyou for pointing this out, but we don't give a damn".
Actually, ziggie and I had this happening to us about a year ago as well. And we pointed it out back then too. Was just told not to send links with sess.id's in. And that's fine and dandy. but it DOES NOT explain how HE could become ME! And...
FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
 Using Poser since 2002. Currently at Version 11.1 - Win 10.
PMT? I know PMS and MPD (which this may be a cause of) but WTF is PMT?! =o) And DON'T SHOUT! I'm the only one allowed to SHOUT here!
FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
 Using Poser since 2002. Currently at Version 11.1 - Win 10.
I just PM'd Dee...
This is a serious security hole that needs to get patched up ASAP. Another instance occurred in the Copyright Forum today. It's a little more widespread then having to delete cookies if multiple members are having the SAME EXACT issue. I have a degree in computers in business applications and one of my required courses was Information Security.
Message edited on: 11/21/2004 14:30
Had this happen to myself and another as well. Even after I tried to log out and then back in, it just brought me back into the system as her. And she had my ID. I had to log out TWICE to get it to bring my account back to me. I didn't delete any cookies and my machine is set to not store them, so I'm not entirely sure it's a cookie problem. Aazari The Art of Jolie E. Bonnette http://www.aazari.com/art/ Art Protection League http://www.artprotectionleague.org/
Hi Everyone - 1st off, we do care :) This ID swtiching can affect all members [and yes,Mods, Coords, and Admins are member first, team member second] - So, we do care, honest - it is a problem that could cause havoic to anyone's account if they are not careful when sharing links. I personally do not have the answers to your questions, nor the solutions to solve the problem. However, I promise to do my best to bring this matter to the attention of the programers - who will be in first thing Monday morning Rosity time. I truly realize the importance of this matter and I promise that the programers will address this ASAP. Thanks so much for your patience and understanding. Sincerely Dee-Marie
Attached Link: http://www.renderosity.com/messages.ez?ForumID=12374&Form.ShowMessage=2016195&Reply=2016369#14
Mmm. Yeah. Thanks a lot.:-/
Well I don't understand but can say this,on DAZ I followed a link that logged me in as the sender,I logged out and then after logging in several times I went back to DAZ and again found myself logged in as this other person.I complained there and here and was told over and over that it couldn't have happened for this reason and that...the saving grace at DAZ is that you have to re enter your password to get into the secure areas but I found that if you keep hitting the button to access those that it eventually lets you through without a password. So here's the deal...don't store credit card numbers or any sensitive info on the site as its not secure here or at DAZ.Besides guys,if you have a credit card why do you need to save it on the site?I mean,you have the card right...why leave that info on site? So my suggestion to Rosity is for security reasons,remove that option and require only the basic info members need to have to access the purchase area...let them do the rest themselves.
If the end goal of learning is genius...why are most geniuses failures at learning?
This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.
OK, so ziggie sent me a link to one of his pictures, on MSN. And when I clicked it, I became him. Well that has happened before, because the link includes the sess.ID and stuff, so we're normally aware of that. The REALLY weird thing happened when I logged out and in again as myself. All of a sudden, ziggie was ME. And I DID NOT send him ANY link or anything. He could see my IM's and stuff (I asked to make SURE he was really me) - and I just don't get it. HOW COULD THAT HAPPEN? Now I consider ziggie a friend so I know he wouldn't abuse the situation, but if it can happen with him, it can happen with others too. So will someone please look into it and explain HOW it could happen?! I DON'T like this at all!
FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
 Using Poser since 2002. Currently at Version 11.1 - Win 10.