Kohana - how is authorization from one local network?

M

mandrozz2014-04-04 05:11:13

Kohana

mandrozz, 2014-04-04 05:11:13

Hello. I noticed an interesting feature of authorization on sites made on kohana.
In our local network in the office, when authorizing on the site from one PC, authorization is successful, if you log in from the same browser from another PC, you will not need to log in, the person automatically enters the account of the previously authorized person. If this person makes an exit and a new authorization, then now the first person will get into the account of the second.
This effect does not work in different browsers, on other sites too, but on sites on kohana it always works. Please explain how this effect can be caused, so that something can be done about it.
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

N

Nazar Mokrinsky, 2014-04-04
@nazarpc

Most likely, it’s worth checking not by the user’s session id, but by IP, though I don’t know who could have thought of such a crooked method O_o)

H

hOtRush, 2014-04-04
@hOtRush

I think the problem is somewhere at the level of storing tokens to restore the authorization session.
modules/orm/classes/Kohaha/Auth/ORM.php 150 line
screen
But the token is generated very securely and without the possibility of duplicating the screen
In general, as one of the options, I see that you have the same "authautologin" cookie, though this is unlikely

I

Ivan, 2014-04-18
@dohlik

And it is stupid to check sessions? Because it looks more like a session than a cookie. Drop something into the session for one user, will the second one appear? Well, or change the session driver.