omg I'm ceddybear?



Fiel
2010-05-17, 07:00 PM
There was a brief downtime earlier where users might have seen themselves logged in as another member of the forum. I will be very upfront in saying that no accounts were compromised as a result of what happened. This was a caching issue. Allow me to explain:

I was creating a server cache for static content (jpg, png, css, js filetypes). Unfortunately, I attached the server cache to dynamic content (php pages) and not the static content. As a result, the server cached entire php pages from other users. Then when someone else requested a webpage using the same php script, the server cache spit out the cached file it already had. For a simplified version, look at the following:

Ceddybear - "Refreshes main forum page"
Server - Generates the requested webpage
Server - Stores the content of Ceddybear's requested forum page in memory
Server - Sends Ceddybear his correctly rendered page
RickDal - "Refreshes main forum page"
Server - Checks cache for an already generated forum page
Server - Sees that the forum page with Ceddybear's name is already generated
Server - Sends RickDal the webpage that was sent to Ceddybear
Hilarity ensues


I have since fixed this bug so that the static content is cached and not the dynamic content. So, the forums should be loading quite a bit faster now. Mea Culpa on the bug!

-- Fiel

Rob
2010-05-17, 07:03 PM
http://i39.tinypic.com/207kbxc.png


yeaaaaaaaaaaah

Hazzy
2010-05-17, 07:05 PM
I didn't notice anything about this.... weird.
Sounds like a really easy-to-do April Fools prank.

Fiel
2010-05-17, 07:06 PM
I didn't notice anything about this.... weird.
Sounds like a really easy-to-do April Fools prank.

Very bad April Fools prank.

If I hadn't noticed this very bad bug, people could have gone into their private message inbox, clicked on a private message, and seen other people's private messages instead of the one they wanted to see. Definitely not a good thing. I had to nip this in the butt fast.

Rob
2010-05-17, 07:07 PM
Actually no. I tried getting into MasPan's inbox but it prompted to mine instead.

Hazzy
2010-05-17, 07:11 PM
Actually no. I tried getting into MasPan's inbox but it prompted to mine instead.

Maybe you were the first person to try and read PMs during this bug?

Fiel, you could add an exception to sensitive pages like that.

Rob
2010-05-17, 07:12 PM
Maybe you were the first person to try and read PMs during this bug?

I know right.

Fiel
2010-05-17, 07:14 PM
Fiel, you could add an exception to sensitive pages like that.

In a sense, all pages are sensitive. Users might click to go to a page and see the super-secret-no-it-doesn't-exist-mod-forum. That would be bad news. All we ever do in there is hold secret meetings, talk about our hatred of users, and high-five each other at every infraction point.

Rob
2010-05-17, 07:15 PM
In a sense, all pages are sensitive. Users might click to go to a page and see the super-secret-no-it-doesn't-exist-mod-forum. That would be bad news. All we ever do in there is hold secret meetings, talk about our hatred of users, and high-five each other at every infraction point.

Why didn't I think about this!

Eos
2010-05-17, 07:51 PM
In a sense, all pages are sensitive. Users might click to go to a page and see the super-secret-no-it-doesn't-exist-mod-forum. That would be bad news. All we ever do in there is hold secret meetings, talk about our hatred of users, and high-five each other at every infraction point.

You left out the celebratory fruit punch.

Cyadd
2010-05-17, 08:12 PM
I had to nip this in the butt fast.

Lol.

Sarah
2010-05-17, 08:18 PM
Lol.


Doesn't sound very sanitary, does it?

Couldn't stop laughing when I read that.

Nip in the butt (http://www.phrases.org.uk/meanings/256600.html)

Swerve
2010-05-17, 09:25 PM
In a sense, all pages are sensitive. Users might click to go to a page and see the super-secret-no-it-doesn't-exist-mod-forum. That would be bad news. All we ever do in there is hold secret meetings, talk about our hatred of users, and high-five each other at every infraction point.

You know that this is exactly what ----------'s administration board looks like. Except they use pictures from the movie Gladiator to decide "Yay" or "Nay" on certain users.

Ahaha. Point taken and name omitted. But they had a problem awhile back where their administration boards were open to user view and everyone got a glimpse at it within a forty-five minute time slot.

Rick
2010-05-17, 09:31 PM
You left out the celebratory fruit punch.

We decided to drop that after Ray's little incident, remember?

Also, for a few seconds, I was Piggy 2.0

Eos
2010-05-17, 09:47 PM
We decided to drop that after Ray's little incident, remember?


I always forget Ray is why we can't have nice things. :f4:

Sn1perJohnE
2010-05-18, 12:06 AM
This is even funnier, because I started thinking Ceddy was someone's alt last night in the IRC. Lawls all around!

★★★★★
2010-05-18, 01:35 AM
Unfortunately, I was not online for this...

Darn!

Link
2010-05-18, 02:52 AM
Unfortunately, I was not online for this...

Darn!

Me either. D: Oh well. :f3:

TøbiasBlack
2010-05-18, 03:10 AM
Unfortunately, I was not online for this...

Darn!

I was and I still missed it.

Kalovale
2010-05-18, 03:21 AM
Most win thread of the month, and it was made in Site Announcement.

ImagineAll
2010-05-18, 10:37 PM
Most win thread of the month, and it was made in Site Announcement.

Pretty much what I was thinking, lol.

Infection
2010-05-18, 10:51 PM
Woooow. LOL.

Stereo
2010-05-18, 11:00 PM
Very bad April Fools prank.

If I hadn't noticed this very bad bug, people could have gone into their private message inbox, clicked on a private message, and seen other people's private messages instead of the one they wanted to see. Definitely not a good thing. I had to nip this in the butt fast.

As long as it was caching the entire request (http://www.southperry.net/showthread.php?t=27244&page=1, not http://www.southperry.net/showthread.php) I don't think that would happen.

Then again, there are better ways of pranking the homepage to show the wrong username than an aggressive cache.



Like replacing the colour tags for usernames with someone's name and then an invisible span that held their actual name.

Fiel
2010-05-19, 11:33 AM
As long as it was caching the entire request (http://www.southperry.net/showthread.php?t=27244&page=1, not http://www.southperry.net/showthread.php) I don't think that would happen.

The regex command I'm using on the URL is this:

^((?!\.php).)*$

Anything that is not covered by that command --> send to backend apache server.

I'm using nginx as a reverse proxy for static content.
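
The cache sequence from the first post, replayed against the regex quoted above and against an extension allowlist, as an added example that is not part of the thread or the site's configuration. The `Proxy` class, the `backend` stand-in, the allowlist and the sample paths are constructed for illustration, and the `/` sample assumes the directory index is served by a PHP script and that the rule is matched against the path without the query string.

```python
import re
from urllib.parse import urlsplit

# Pattern quoted in the post: matches any path that contains no ".php".
NOT_PHP = re.compile(r"^((?!\.php).)*$")
# Assumption: allowlist of the static types named in the first post.
STATIC_EXT = re.compile(r"\.(?:jpg|png|css|js)$", re.IGNORECASE)

def deny_rule(path):
    return NOT_PHP.match(path) is not None

def allow_rule(path):
    return STATIC_EXT.search(path) is not None

def backend(path, user):
    """Constructed stand-in for Apache/PHP: dynamic pages embed the user name."""
    if STATIC_EXT.search(path):
        return "static bytes of " + path
    return "Welcome, " + user

class Proxy:
    """Shared cache keyed by path only, as in the sequence in the first post."""
    def __init__(self, cacheable):
        self.cacheable = cacheable
        self.store = {}

    def get(self, url, user):
        path = urlsplit(url).path or "/"   # query string is not part of the match
        if not self.cacheable(path):
            return backend(path, user)     # always pass through to the backend
        if path not in self.store:
            self.store[path] = backend(path, user)
        return self.store[path]

def second_visitor_sees(rule, url):
    proxy = Proxy(rule)
    proxy.get(url, "Ceddybear")            # first request fills the cache
    return proxy.get(url, "RickDal")       # second request, different user

# Constructed sample requests; "/" assumes the directory index is a PHP script.
SAMPLES = ["/showthread.php?t=27244&page=1", "/images/logo.png", "/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "| deny:", second_visitor_sees(deny_rule, url),
              "| allow:", second_visitor_sees(allow_rule, url))
```

Under those assumptions the two rules agree on `.php` and image paths and differ only on extension-less paths such as `/`, which the "not .php" rule treats as cacheable.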