1. Unregistered users can now participate on SneakyDave.com. All posts are moderated, which means they won't show up until they're approved.
    Dismiss Notice

Featured Sneakydave.com Session Removal

Discussion in 'Stuff' started by SneakyDave, Feb 24, 2017.

  1. SneakyDave

    SneakyDave Solid Mean
    Staff Member

    Joined:
    Dec 8, 2011
    Messages:
    2,860
    Likes Received:
    838
    If you recently visited the site, and wondered why you had to sign in again, the reason is because I recently reset all users' sessions due to a bug recently found in CloudFlare's service.

    This bug (now fixed) can result in cached pages on one site being presented to users on another site, and this cached data can include personal information, and possibly cookie information.

    I don't suspect this problem to be a big issue on a small site such as this, but I took the precaution to remove all sessions from the database, and then renamed the cookie prefix for this site, hopefully averting any problems with session hijacking, or any other nefarious actions.

    Again, I don't see this bug being an issue at all for this site, but I wanted to at least give an explanation of why members have to re-sign in. If you are concerned about this bug, CloudBleed, I also suggest that you change your password.

    It's been too long for this site to go without SSL, so I'll be installing that soon also.

    For more information on the CloudFlare bug, see this page:
    https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
     
    #1 SneakyDave, Feb 24, 2017
    Last edited: Feb 24, 2017
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice