Anonymous users allocated to resource group

I have anonymous users becoming members of a user group for no apparent reason when they should just be anonymous users. Flushing caches etc doesn't seem to affect it. Happens even when I use a browser I installed 10 minutes before, that's never been anywhere near the site. It's a problem because I'm displaying different content to members.

reports "User ID 0 ((anonymous))"

Bob Ray's neat CheckUserGroups snippet (http://forums.modx.com/?action=thread&thread=65101&i=1) reports "GROUPS: MyGroup" (where MyGroup is the name of one of my user groups.

The Access Controls page in the manager reports MyGroup has five users, none of whom is (anonymous).

This seems to defy the laws of MODX. Anyone like to point out where I've screwed up?

David, are you seeing those users as members of the groups when you look at them in Manage Users? It may be that my snippet is misreporting.


---------------------------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!
MODx info for everyone: http://bobsguides.com/modx.html

Bob, the five MyGroup users do appear as members of MyGroup in "Manage Users -> Access Permissions".

I should have added this earlier but the (anonymous) user does not appears under "Security -> Manage Users" or in any of the groups listed under "Security -> Access Controls -> User Groups".

Your CheckUserGroups snippet accurately reports the status of logged-on users. It also reports anonymous users as belonging to "MyGroup".

If CheckUserGroups has a bug, so does your ShowSubscribeLinkHere snippet at http://forums.modx.com/thread/?thread=66446&i=1&page=1. That's where I first saw the odd behaviour.

[MODX Revolution 2.2.0-pl2 (traditional)] [ed. note: shorewalker last edited this post 12 years, 3 months ago.]

Could there possibly be any snippets or plugins running on the site that have a call to $modx->joinGroup()? Have you drag-and-dropped any users into user groups?

I can't think of any way what you're seeing could happen spontaneously.


---------------------------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!
MODx info for everyone: http://bobsguides.com/modx.html

Make sure you are using a separate browser session or if you are logged into the manager, your "anonymous" user in the web Context will inherit the policies and groups of the user logged into the mgr Context. This is how things like view_unpublished or allowing mgr users to view the site when site_status is Off work in MODX.

opengeek, as mentioned, I have not only used a separate browser session but different browsers (my normal practice to keep the manager and web contexts away from each other - Chrome for editing, Safari for viewing, Opera for a double-check using test logins) and eventually a newly-installed browser (Dolphin HD on an iPad). Same result everywhere: the (anonymous) user is in a group.

Bob, I could imagine dragging and dropping users accidentally into a group, but I can't even find a way to drag-and-drop the (anonymous) user.

$modx->joinGroup() isn't called on the first page of the site, and this problem pops up immediately when a browser hits the site.

My Plan B at this stage is to add the (anonymous) user to a named user group. Bob, I think you've set out how to do this in previous postings, so I'll be off to find those soon.

I would still love to know what's going on here though. Otherwise this is going to haunt me.

There is no anonymous user, that is simply what an unauthenticated user becomes automatically. There is an anonymous user group however, which applies to all anonymous users (or users that are authenticated and don't have permission through any other user group they are a member of).

It sounds to me like you are caching the output of user-dependent values. If so, the first user to access the page and generate the cache would cache their information into the page. You need to make sure anything that changes based on the user that is accessing it is not cacheable.