By bonniebogle on

I've been running a Drupal site first on 4.2, then after upgrading to 4.4 I noticed this problem: When I go to the URL, sometimes (not every time, I'd say it happens rarely, but happens) I arrive at the front page and am signed in as one of the users...not me...as in no, it's not because I did not log out...I'm actually logged in as someone else who holds an account on the site. This has happened to a few people, and in every case, the people were logged in automatically to the same person's user account. Any ideas what might be the problem?

Comments

ericgundersen’s picture

ericgundersen commented

This isn't good :(

dries’s picture

dries commented

Do you have custom/contributed modules installed? Did you upgrade these as well? If not, updrade them as well. If so, try to disable them, and see if the problem goes away. If it does, try to isolate the offending module.

bonniebogle’s picture

bonniebogle commented

Sorry for delay to your responses, was on needed vacation. Added modules are project, poormanscron, event, image, notify, localegettext...

The problem in testing to see if there is an offending module is that it happens rarely, not every time someone opens the site. Next time it happens i'll look at all the logs to see if there are hints.

robertdouglass’s picture

robertdouglass commented

How are urls with phpsessionid numbers in them handled by the cache? Is it possible that someone is getting served a cached version where the session id is in the cache?

- Robert Douglass

-----
visit me at www.robshouse.net

bonniebogle’s picture

bonniebogle commented

I have and always had cache disabled, so does this rule out it has something to do w/ cache, or do elements of cache run even if I have it disabled in the configuration?

killes@www.drop.org’s picture

killes@www.drop.org commented

Only pages for anonymous users are cached anyway.

--
Drupal services
My Drupal services