SneakyDave Posted February 24, 2017 Posted February 24, 2017 If you recently visited the site, and wondered why you had to sign in again, the reason is because I recently reset all users' sessions due to a bug recently found in CloudFlare's service. This bug (now fixed) can result in cached pages on one site being presented to users on another site, and this cached data can include personal information, and possibly cookie information. I don't suspect this problem to be a big issue on a small site such as this, but I took the precaution to remove all sessions from the database, and then renamed the cookie prefix for this site, hopefully averting any problems with session hijacking, or any other nefarious actions. Again, I don't see this bug being an issue at all for this site, but I wanted to at least give an explanation of why members have to re-sign in. If you are concerned about this bug, CloudBleed, I also suggest that you change your password. More information about the CloudFlare bug: Incident report on memory leak caused by Cloudflare parser bug Quote "I wonder if wife Susie knows about the vile crap he posts on his site and how it fits in with her "youth ministry"?" - Dr. Howard Rosenzweig, former owner of TheAdminZone
Scrotnig Posted February 25, 2017 Posted February 25, 2017 Another good reason never to use Cloudflare. One of the reasons many forum owners cite for using this is the security it adds. Now it seems it causes security issues itself. At least previously it just broke forums, rather than exposing them to security issues. The number of vBulletin users who have issues that are fixed by turning Cloudflare off is astonishing. I see similar stuff on XenForo too so I odunt it's any different. Cloudflare is the emperor's new clothes. A triumph of scare-based marketing spin over substance. There. I've ranted. Hope you're all suitably impressed. Quote "GRIMM is a GAY LORD. And I don't talk to GAYS!" - Gary Thomas Bolton, 2002
Guest GTBLIVING Posted February 26, 2017 Posted February 26, 2017 I have used cloudflare for many years on my forum board and I have never had any issues. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.