Posted October 26, 2006
Having to keep logging in here and the test forum is really peeing me off. It's not every time, but it's often enough to get on my nerves. I'm here every day, so it shouldn't be doing it, and on my test forum I have done everything I can to stop it. This will lose members, there's no way I'm putting this on my main forum until this is fixed. :(
October 26, 2006
It's something to do with the cookie and session settings. Off of the top of my head - I'm not sure which settings are the correct ones to use, to fix the problem. Just have a play around with the settings, you might score lucky. :P
October 26, 2006
> It's something to do with the cookie and session settings. Off of the top of my head - I'm not sure which settings are the correct ones to use, to fix the problem. Just have a play around with the settings, you might score lucky. :P

I know what the settings are, and as I said, I've done them all on my forum, and I have no control over the settings here, but coming here every day I shouldn't have to constantly log in.
October 26, 2006
> I know what the settings are, and as I said, I've done them all on my forum,

You DID NOT say that you had already set the settings, so I assumed that was the problem.

> but coming here every day I shouldn't have to constantly log in.

Works fine for me and everybody else.
October 26, 2006
> You DID NOT say that you had already set the settings, so I assumed that was the problem.

> ... and on my test forum I have done everything I can to stop it.

You were saying?

> Works fine for me and everybody else.

So you speak for everyone now? :)
October 26, 2006
> ... and on my test forum I have done everything I can to stop it.

In no way does the above say that you had tried playing around with the settings for sessions and cookies in the ACP. If you'd have said:

> I have tried everything I can to stop it, including changing settings for the sessions and cookies.

Then you would have proved me wrong. ...so shush...

> So you speak for everyone now?

I was going on the fact that I haven't seen anyone else post about experiencing problems with staying logged in... Oh and :) ...
October 26, 2006
> In no way does the above say that you had tried playing around with the settings for sessions and cookies in the ACP

So what did you think "I have done everything" meant, that I'd headbutted the monitor and tipped coffee over the keyboard? Done everything means just that, done everything.

> I was going on the fact that I haven't seen anyone else post about experiencing problems with staying logged in.

Then you haven't looked very far. :cool:

Oh and :P
October 26, 2006
What browser are you using? It's happening to me on IE and FF, but not every time I log on, just every day.
October 26, 2006
> It's happening to me on IE and FF, but not every time I log on, just every day.

Just curious, have you tried nuking the cookies? Apparently sometimes it has a fit with cookies from before upgrades and whatnot. I haven't had this problem much, though I've encountered it on occasion.
October 26, 2006
> Just curious, have you tried nuking the cookies? Apparently sometimes it has a fit with cookies from before upgrades and whatnot. I haven't had this problem much, though I've encountered it on occasion.

Yes, I've deleted all cookies, and all temp internet files, twice.
October 26, 2006
> Having to keep logging in here and the test forum is really peeing me off. It's not every time, but it's often enough to get on my nerves. I'm here every day, so it shouldn't be doing it, and on my test forum I have done everything I can to stop it. This will lose members, there's no way I'm putting this on my main forum until this is fixed. :(

Maybe it's just your browser?
October 26, 2006
We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:
1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)
2) You visit from more than one location - you cannot stay logged into more than one pc at a time

This is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.
October 26, 2006
> We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:
> 1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)
> 2) You visit from more than one location - you cannot stay logged into more than one pc at a time
>
> This is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.

I did not know that, but the part about the AdminCP I was aware of. I agree with the switching of browsers if IE isn't working or FF, because each operates differently in their own respective manners.
October 26, 2006
> We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:
> 1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)
> 2) You visit from more than one location - you cannot stay logged into more than one pc at a time
>
> This is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.

I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out...
October 26, 2006
> I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out...

There are errors in everything, there were times that when I first installed my IPB that I could not login because of an issue with my cookies, I waited for a bit, and never had a problem since.
October 26, 2006
> I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out...

And how do you presume to make the cookies useless. :)

What the stronghold cookie does is tie certain data together - i.e. your IP address and browser (and some other info). The data is stored as a key on your pc. Then, when your account authenticates, the cookie is checked. If it doesn't match, you aren't logged in.

This can actively protect against XSS attacks, even if they get through the various filters in the parsing routine. If someone manages to steal your cookie, they'd also have to have the same user agent string, same ip address, and so on for the stronghold cookie to validate when they visit the site - thus, if your cookie is stolen, it becomes useless, because no one can use it.

IE supports httponly status on the cookies making XSS not available against them. We have a pseudo-support for this in Firefox. Matt explains how in his blog.
October 26, 2006
> We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:
> 1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)
> 2) You visit from more than one location - you cannot stay logged into more than one pc at a time
>
> This is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.

D'oh - that explains why it doesn't happen EVERY day for me, because I don't always log in from both work AND home every day.
October 27, 2006
> What the stronghold cookie does is tie certain data together - i.e. your IP address ...

So anyone on dial-up has to sign in just about every day then? That'll please them! :whistle:
October 27, 2006
I have DSL and I have to login quite often also, because my IP changes. This is a tough situation because it's either annoy people by them having to keep logging in or else have less security.
October 27, 2006
> I am not having this problem anywhere. What browser are you using?

I'm using ie6 and just one pc. :huh:
October 27, 2006
With IE, a cookie domain *MUST* be set in the ACP - I am unsure if one is set here. If you see a long string of characters in your URL (a session id) it means the cookie isn't being properly set/read, and that is why you have to login. Once a cookie domain is set, I've had no problems with IE.

> So anyone on dial-up has to sign in just about every day then? That'll please them! :whistle:

And this is why we made the stronghold cookie a setting which you can disable on your site if you wish. :) The administrator will have to make the choice - stronger security, or ease of use. It's a very hard line to balance.
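The binding described in the posts above (a key tied to IP address and user agent, re-checked when the account authenticates) and the dial-up trade-off raised afterwards, as an added example that is not part of the thread and not IPB's own code. The HMAC construction, `SITE_KEY`, the function names and the `ip_bits` relaxation are assumptions made for illustration; the addresses and user agents are constructed samples.

```python
import hashlib
import hmac
import ipaddress

SITE_KEY = b"constructed-demo-key"  # placeholder; a real site uses a random secret


def binding_value(member_id: int, ip: str, user_agent: str, ip_bits: int = 32) -> str:
    """HMAC over member id, IPv4 network (ip_bits wide) and user agent."""
    net = ipaddress.ip_network(f"{ip}/{ip_bits}", strict=False)
    msg = f"{member_id}|{net.with_prefixlen}|{user_agent}".encode()
    return hmac.new(SITE_KEY, msg, hashlib.sha256).hexdigest()


def cookie_is_valid(cookie: str, member_id: int, ip: str, user_agent: str,
                    ip_bits: int = 32) -> bool:
    """Recompute the binding from the current request and compare in constant time."""
    expected = binding_value(member_id, ip, user_agent, ip_bits)
    return hmac.compare_digest(expected, cookie)


def demo() -> dict:
    ua_ie = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    ua_ff = "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.8.1) Gecko/20061010 Firefox/2.0"
    home = "203.0.113.10"                               # constructed address
    strict = binding_value(42, home, ua_ie)             # bound to the exact IP
    loose = binding_value(42, home, ua_ie, ip_bits=24)  # bound to the /24 only
    return {
        "same_client": cookie_is_valid(strict, 42, home, ua_ie),
        "new_browser": cookie_is_valid(strict, 42, home, ua_ff),
        "replayed_elsewhere": cookie_is_valid(strict, 42, "198.51.100.7", ua_ff),
        # Dial-up/DSL user who gets a new address from the same provider block:
        "new_lease_strict": cookie_is_valid(strict, 42, "203.0.113.77", ua_ie),
        "new_lease_loose": cookie_is_valid(loose, 42, "203.0.113.77", ua_ie, ip_bits=24),
        "other_network_loose": cookie_is_valid(loose, 42, "198.51.100.7", ua_ie, ip_bits=24),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22} {'accepted' if ok else 'relogin required'}")
```

A cookie replayed from the same address with the same user agent string still validates, so a binding like this works alongside httponly rather than replacing it.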
October 27, 2006
I agree with bfarber. Most of the time, there is no way to please everyone. You can make something that works for a majority of people though there will still be the minority. Having the option to switch off the stronghold cookies is perfect though. If a lot of your users have login issues then you are going to have to choose to disable it, and vice versa.

From reading through this topic, as far as I know - only people using dialup experience problems with the stronghold cookies. As these days most people are on Cable or DSL/ADSL Broadband connections and more people are upgrading every day - it won't matter soon enough. :P
Archived
This topic is now archived and is closed to further replies.