ATutor

Learning Management Tools


  1. Home



Pages:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15


Multiple Installation on the same server



  • 2008-03-02 07:28:16

    Multiple Installation on the same server

    Hi all,

    There are 4 ATutor installation on my linux-based server (atutor, btutor, ctutor, dtutor). All four installation have their own database. When I logged on one of these installation, I could enter directly (without login) the others.

    Example:

    I login;
    http://www.sanalkampus.web.tr/atutor

    Then I changed folder name like this;
    http://www.sanalkampus.web.tr/btutor

    I could see btutor pages. (I have no user account in btutor)

    I think, on the same server, session variables allowed this. It is a big security problem I think. How can I fix it?

    Thanks.

    Attachment (Atutor and Btutor screenshots)

    Things to describe:
    operating system - Linux 2.6.9-023stab044.4-smp
    version of ATutor - 1.6
    versions of php - 4.4.6
    version of mysq l - 4.1.22-standard
    webserver & version - Apache 2.0
    changes to default settings - No changes
    web browser being used - IE, Firefox, Opera


  • 2008-03-02 09:21:02

    Re: Multiple Installation on the same server

    About line 91 in include/vitals.inc.php, uncomment the following line

    [php]

    session_set_cookie_params(0, $_base_path);

    [/php]


  • 2008-03-03 10:04:49

    Re: Multiple Installation on the same server

    Thanks Greg...

    Your support is awesome...


  • 2008-03-03 19:14:00

    Re: Multiple Installation on the same server

    Thanks Greg as I had a similar problem with various instances on one server, resulting in users assuming different identities (of other existing users) when swapping between the instances without logging out of the previous one. The issue is now solved.

    Karel


  • 2008-03-04 04:39:22

    Re: Multiple Installation on the same server

    I guess it should be considered as the default for the future release.

    We've been experiencing a similar thing between our production and testing installations (those at the same server).