[Plugin: DB Cache Reloaded] Security hole?

  • Hello, I found combination of sociable fb-connect plugin + db cache reloaded + wpsupercache resulted in visitors being logged in after log out.
    To reproduce:
    1. WP-SuperCache + Sociable FBConnect Plugin
    -User logs on facebook
    -User visits wordpress blog, is recognised and can post comments
    -User visits facebook and logs out
    -User visits wordpress blog again, this time will appear as anonymous visitor.

    2. DB Cache Reloaded + WP-SuperCache + Sociable FBConnect Plugin, then clear cache
    -User logs on facebook
    -User visits wordpress blog, is recognised and can post comments
    -User visits facebook and logs out
    -User visits wordpress blog again, it’s still being recognised with user credentials.

    Best regards

    https://www.ads-software.com/extend/plugins/db-cache-reloaded/

Viewing 1 replies (of 1 total)
  • LJagermaster

    (@the-living-legend)

    You could advise your members/visitors to clear their cookies (from their browser) after visiting your site. It’s a pain, I know, but doing this should delete the cookie set by facebook’s API and keep them logged out until they log back in manually. Alternatively, try tracking down a plugin/hack that will clear a specific cookie from your visitors browser (if such a thing exists) – be aware tho that you should add a disclaimer to your site informing people that this will happen and ensuring it’s for their own benefit ??

    Can’t help you with the plugin itself I’m afraid as it’s beyond my current ability…

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: DB Cache Reloaded] Security hole?’ is closed to new replies.