Jump to content

Logging in

Guest theclub

By Guest theclub
in Feedback

Recommended Posts

theclub Newbie

theclub

Posted
Posted

Having to keep logging in here and the test forum is really peeing me off.

It's not every time, but it's often enough to get on my nerves.

l'm here every day, so it shouldn't be doing it, and on my test forum l have done everything I can to stop it.

This will lose members, there's no way l'm putting this on my main forum until this is fixed.

:(

Link to comment
Share on other sites
.KX Explorer

.KX

Posted
Posted

It's something to do with the cookie and session settings. Off of the top of my head - I'm not sure which settings are the correct ones to use, to fix the problem. Just have a play around with the settings, you might score lucky. :P

Link to comment
Share on other sites
theclub Newbie

theclub

Posted
Posted

It's something to do with the cookie and session settings. Off of the top of my head - I'm not sure which settings are the correct ones to use, to fix the problem. Just have a play around with the settings, you might score lucky. :P

I know what the settings are, and as I said, I've done them all on my forum, and I have no control over the settings here, but coming here every day I shouldn't have to constantly log in.
Link to comment
Share on other sites
.KX Explorer

.KX

Posted
Posted

I know what the settings are, and as I said, I've done them all on my forum,

You DID NOT say that you had already set the settings, so I assumed that was the problem.

but coming here every day I shouldn't have to constantly log in.


Works fine for me and everybody else.
Link to comment
Share on other sites
.KX Explorer

.KX

Posted
Posted

... and on my test forum l have done everything I can to stop it.

In no way does the above say that you had tried playing around with the settings for sessions and cookies in the ACP.

If you'd have said:

I have tried everything I can to stop it, including changing settings for the sessions and cookies.


Then you would have proved me wrong....so shush...

So you speak for everyone now?


I was going on the fact that I haven't seen anyone else post about experiencing problems with staying logged in...

Oh and :) ...
Link to comment
Share on other sites
theclub Newbie

theclub

Posted
Posted

In no way does the above say that you had tried playing around with the settings for sessions and cookies in the Acp

So what did you think "l have done everything" meant, that l'd headbutted the monitor and tipped coffee over the keyboard? Done everything means just that, done everything.

I was going on the fact that I haven't seen anyone else post about experiencing problems with staying logged in.

Then you haven't looked very far.

:cool:


Oh and :P
Link to comment
Share on other sites
Mat Barrie Experienced

Mat Barrie

Posted
Posted

It's happening to me on IE and FF, but not every time I log on, just every day.



Just curious, have you tried nuking the cookies? Apparently sometimes it has a fit with cookies from before upgrades and whatnot. I haven't had this problem much, though I've encountered it on occasion.
Link to comment
Share on other sites
theclub Newbie

theclub

Posted
Posted

Just curious, have you tried nuking the cookies? Apparently sometimes it has a fit with cookies from before upgrades and whatnot. I haven't had this problem much, though I've encountered it on occasion.

Yes, l've deleted all cookies, and all temp internet files, twice.
Link to comment
Share on other sites
arcalypse Newbie

arcalypse

Posted
Posted

Having to keep logging in here and the test forum is really peeing me off.



It's not every time, but it's often enough to get on my nerves.



l'm here every day, so it shouldn't be doing it, and on my test forum l have done everything I can to stop it.



This will lose members, there's no way l'm putting this on my main forum until this is fixed.



:(




Maybe it's just your browser?
Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:

1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)
2) You visit from more than one location - you cannot stay logged into more than one pc at a time

This is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.

Link to comment
Share on other sites
arcalypse Newbie

arcalypse

Posted
Posted

We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:



1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)


2) You visit from more than one location - you cannot stay logged into more than one pc at a time



This is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.




I did not know that, but the part about the AdminCP I was aware of. I agree with the switching of browsers if IE isn't working or FF, because each operates differently in their own respective manners.
Link to comment
Share on other sites
Luke Mentor

Luke

Posted
Posted

We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:



1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)


2) You visit from more than one location - you cannot stay logged into more than one pc at a time



This is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.



I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out...
Link to comment
Share on other sites
arcalypse Newbie

arcalypse

Posted
Posted

I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out...




There are errors in everything, there were times that when I first installed my IPB that I could not login because of an issue with my cookies, I waited for a bit, and never had a problem since.
Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out...



And how do you presume to make the cookies useless. :)

What the stronghold cookie does is tie certain data together - i.e. your IP address and browser (and some other info). The data is stored as a key on your pc. Then, when your account authenticates, the cookie is checked. If it doesn't match, you aren't logged in.

This can actively protect against XSS attacks, even if they get through the various filters in the parsing routine. If someone manages to steal your cookie, they'd also have to have the same user agent string, same ip address, and so on for the stronghold cookie to validate when they visit the site - thus, if your cookie is stolen, it becomes useless, because no one can use it.

IE supports httponly status on the cookies making XSS not available against them. We have a pseudo-support for this in Firefox. Matt explains how in his blog.
Link to comment
Share on other sites
Stuart Elliott Apprentice

Stuart Elliott

Posted
Posted

We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:



1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)


2) You visit from more than one location - you cannot stay logged into more than one pc at a time



This is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.


D'oh - that explains why it doesn't happen EVERY day for me, because I don't always log in from both work AND home every day.
Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

With IE, a cookie domain *MUST* be set in the ACP - I am unsure if one is set here. If you see a long string of characters in your URL (a session id) it means the cookie isn't being properly set/read, and that is why you have to login. Once a cookie domain is set, I've had no problems with IE.

So anyone on dial-up has to sign in just about every day then? That'll please them! whistling.gif



And this is why we made the stronghold cookie a setting which you can disable on your site if you wish. :) The administrator will have to make the choice - stronger security, or ease of use. It's a very hard line to balance.
Link to comment
Share on other sites
.KX Explorer

.KX

Posted
Posted

I agree with bfarber. Most of the time, there is no way to please everyone. You can make something that works for a majority of people though there will still be the minority. Having the option to switch off the stronghold cookies is perfect though. If a lot of your users have login issues then you are going to have to choose to disable it, and vice versa.

From reading through this topic, as far as I know - only people using dialup experience problems with the stronghold cookies. As these days most people are on Cable or DSL/ADSL Broadband connections and more people are upgrading everyday - it won't matter soon enough. :P

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...