#9657786, By craigy Just got logged in automatically as another user?

  • craigy Staff 17 Jun 2013 11:21:00 7,722 posts
    Hello everyone,

    Apologies for the delay in responding to this thread. We've been looking into the problem and I can report the following:

    - During the Microsoft E3 livetext, our servers were under considerable pressure. We had a team on hand all night to tweak server configurations to keep the site working.

    - At one point a new Varnish (https://www.varnish-cache.org/about) configuration was deployed to our live servers which incorrectly supplied an authentication cookie for a single user account to all page requests. This meant several people were logged on as a single user named "BulletApe".

    - This problem was quickly spotted, and a new Varnish config was deployed to stop the problem from spreading to more users.

    - The issue affected any users who made page requests between 23:12 and 23:24 on 10th June. Everyone else remains unaffected.

    - This morning I decided to globally invalidate all active logins to force everyone out of the single account. This means you would have been logged out earlier this morning. Sorry about that.

    - The small number of users who were logged in as BulletApe had no access to his password, but could have edited his profile and posted as him.

    Obviously this sort of thing should not happen, and we're reviewing our live deployment process to try and catch this sort of mistake before it happens again. If you want any more information, please feel free to ask.

    Thanks, Craig
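
A smoke test of the kind a deployment review could run against a staging cache to catch the failure described in the post above, where one account's authentication cookie was supplied on all page requests. This is an added example, not the site's code or part of the original post; the cookie name `sess`, the client labels and every header value are constructed, and it relies on Varnish putting two transaction ids in `X-Varnish` on a cache hit.

```python
from collections import defaultdict

# Constructed sample: response headers seen by four cookie-less clients.
# "sess" is a hypothetical session cookie name; all values are made up.
SAMPLE = [
    ("client-a", {"X-Varnish": "32770", "Age": "0",
                  "Set-Cookie": "sess=AAAA1111; Path=/; HttpOnly"}),
    ("client-b", {"X-Varnish": "32775 32771", "Age": "14",
                  "Set-Cookie": "sess=AAAA1111; Path=/; HttpOnly"}),
    ("client-c", {"X-Varnish": "32780 32771", "Age": "21",
                  "Set-Cookie": "sess=AAAA1111; Path=/; HttpOnly"}),
    ("client-d", {"X-Varnish": "32790 32785", "Age": "3"}),
]

def is_cache_hit(headers):
    """A hit shows two ids in X-Varnish; a non-zero Age also implies a stored object."""
    xids = headers.get("X-Varnish", "").split()
    age = headers.get("Age", "0")
    return len(xids) >= 2 or (age.isdigit() and int(age) > 0)

def cookie_pair(set_cookie):
    """Return the name=value part of a Set-Cookie header, without attributes."""
    return set_cookie.split(";", 1)[0].strip()

def find_cookie_leaks(responses):
    """Flag cookies served from cache and cookies handed to more than one client."""
    findings = []
    seen_by = defaultdict(set)
    for client, raw in responses:
        headers = {k.title(): v for k, v in raw.items()}  # header names are case-insensitive
        cookie = headers.get("Set-Cookie")
        if cookie is None:
            continue
        pair = cookie_pair(cookie)
        seen_by[pair].add(client)
        if is_cache_hit(headers):
            findings.append(("cached-set-cookie", client, pair))
    for pair, clients in seen_by.items():
        if len(clients) > 1:
            findings.append(("shared-cookie", tuple(sorted(clients)), pair))
    return findings

if __name__ == "__main__":
    for finding in find_cookie_leaks(SAMPLE):
        print(finding)
```

Any finding should fail the deployment: a session cookie must never appear on a response served from cache, and two independent clients must never receive the same cookie value.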