Cacti shows every graph without user logging in

sunherd · Post by **sunherd** » Tue Nov 25, 2008 8:04 am

We have a problem. In addition to our admin account, we have restricted user accounts which should access only specific graphs in the tree, and a demo account that sees some demo graphs.

This goes ok as long as the user is logged in - but if the user logs out and then presses Back button of the browser, he is shown the whole graph tree and can freely access all graphs.

I cleared my browsers caches and tried going straight to the URL http://OUR.SITE/graph_view.php?action=t ... leaf_id=18 (for example) and it shows everything without the user being logged in.

While the user IS logged in, only correct graphs are shown.

Can anyone reproduce this, or is this a known problem and what could we do about this?

Our environment:
OS: Debian 4.0
Apache: 2.2.3 (the default debian package)
PHP: 5.2.0 (the default debian package)
Cacti: 0.8.6i (the default debian package)
Browsers: MSIE6, MSIE7, Firefox2, Firefox3

Thanks for any help,
Jarkko, Finland

Post by **Linegod** » Tue Nov 25, 2008 1:35 pm

And the guest account is disabled?

sunherd · Post by **sunherd** » Tue Nov 25, 2008 5:09 pm

Umm. Wasn't. Now it is and Cacti works just like it should. Thanks for help and sorry to have bothered with this

I had at some point tried to disable the problem by editing some guest stuff from the files themselves, but didn't realise the guest is actually a user and not just a setting.

Cacti shows every graph without user logging in

Cacti shows every graph without user logging in

Who is online