Disturbing E-mail

[Guest]

I got the following E-mail a few minutes ago:

 

I don't know what the problem is, but to make users register before they can browse products is rediculous.  On top of that, the login doesn't work, and logs the user out everytime a product is selected.  Once you fix these issues, you will have a good thing going, but until then, your site is extremely obnoxious. 

 

Sincerely,

 

I have run into what appears to be a similar problem with my webform that uses PHPbb. So I am thinking it could possibly be a server issue. But I am not at all familiar with the login security used for OSC. Anyone have any ideas where to start?

[fmerrill]

was the email from an AOL user?

[Guest]

No the e-mail was sent from a company e-mail server.

******@nortelnetworks.com

[fmerrill]

It's possibly related to their outbound proxies from their network.

If nearly every request for a page (by a click on a page) is actually coming from a different proxy (AOL does this for their outbound user traffic) then to your server it probably looks like every single click they make is a different user trying to access a page, but since there might be a sessionID attached, it thinks it needs to have them login to return to that session. that may not have made much sense, but it could be related to the way their network allows them outbound access.

 

once they login, all hell kind of breaks loose, so to speak, and they will continue to get a login screen when clicking on another link on a page.

 

search the forums as there has been a fair amount of talk about these type issues, and don't take what I say as being correct until you are sure yourself that it is, or until your sure I'm nuts!

 

ADDED: If you can look at your log files, see if they accessed your site from several hosts/proxies within Nortel. If so, then that further confirms this possibility.

[Guest]

I looked into my server logs....here is what I'm seeing:

 

66.71.41.204 accessed one page

then 66.71.41.205 access another page

then 66.71.41.206 accessed another page

 

So on and so forth from about 180 to 222

 

So It looks like your correct, but now the question is, is there any way to correct the problem? I'm just trying to figure out what to search for.

[fmerrill]

Those addresses resolve to different hosts at Penn State (psu.edu), not Nortel, but that doesn't mean it wasn't someone maybe a Nortel employee doing some work at Penn State (I believe Penn has a contract with Nortel for some kind of support), and he might have tried using their internet connection to surf, but sent the email from his Nortel email system because he probably doesn't have a Penn State email address. It could be that Penn State uses a rotating proxy system like AOL.

 

all speculation of course!

 

as far as what to search for, maybe: proxy problem ??

 

I don't really know, I can't ever figure out how to search with this forum, it won't take 3 letter searches (like AOL).

[Guest]

I talked to one other person that had a similar issue. They said they were told to change the "Check IP Address" to false and "Force Cookie" to true. They said they have run their shop with "Force cookie" set to false though as no one can tell them what force cookie will do.

 

Sound right?