$config['sess_use_database']

[eluser]Christophe28[/eluser]
Hello,

I have set the $config['sess_use_database'] in my config.php file to TRUE and created a sessions table. When working at this table I have noticed data in this table, however I am the only working on this website, and the website is protected by a htpassword (nginx)?

For example:

Code:

session_id = a60f7c297ba2feba0aedf0d01e399bf1
ip_address = 94.226.5.145
user_agent = Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) Ap
last_activity = 1278059848

How is this possible?

Thx for any help!

Christophe

[eluser]WanWizard[/eluser]
If this IP is not your IP (your network configuration could cause public IP's to be registered, for example if your browser uses a proxy), then someone else has access to the application.

The session library doesn't make things up...

[eluser]Christophe28[/eluser]
No this is not my IP (or user agent) and there are different IP addresses in the database. I don't understand where this is coming from ...

[eluser]WanWizard[/eluser]
Guess your webserver authentication needs to be improved...

What server is your webserver running on? And do you have (commandline) access to it? If you do, you could use a network analyser to check the traffic. If not, do you have a firewall or router in front of the webserver that you can use to analyse the traffic.

The IP belongs to the range of Belgian ISP Telenet, geo located somewhere south of Antwerp.

[eluser]Christophe28[/eluser]
Then it must be the IP of my ISP? That's odd? How come it is not my IP address? And there are different IP addresses in the database. Also an msn['bot'] row ...

Christophe