theclub Posted October 26, 2006 Share Posted October 26, 2006 Having to keep logging in here and the test forum is really peeing me off.It's not every time, but it's often enough to get on my nerves.l'm here every day, so it shouldn't be doing it, and on my test forum l have done everything I can to stop it.This will lose members, there's no way l'm putting this on my main forum until this is fixed. :( Link to comment Share on other sites More sharing options...
.KX Posted October 26, 2006 Share Posted October 26, 2006 It's something to do with the cookie and session settings. Off of the top of my head - I'm not sure which settings are the correct ones to use, to fix the problem. Just have a play around with the settings, you might score lucky. :P Link to comment Share on other sites More sharing options...
theclub Posted October 26, 2006 Share Posted October 26, 2006 It's something to do with the cookie and session settings. Off of the top of my head - I'm not sure which settings are the correct ones to use, to fix the problem. Just have a play around with the settings, you might score lucky. :P I know what the settings are, and as I said, I've done them all on my forum, and I have no control over the settings here, but coming here every day I shouldn't have to constantly log in. Link to comment Share on other sites More sharing options...
.KX Posted October 26, 2006 Share Posted October 26, 2006 I know what the settings are, and as I said, I've done them all on my forum,You DID NOT say that you had already set the settings, so I assumed that was the problem.but coming here every day I shouldn't have to constantly log in.Works fine for me and everybody else. Link to comment Share on other sites More sharing options...
theclub Posted October 26, 2006 Share Posted October 26, 2006 You DID NOT say that you had already set the settings, so I assumed that was the problem.... and on my test forum l have done everything I can to stop it.You were saying?Works fine for me and everybody else.So you speak for everyone now? :) Link to comment Share on other sites More sharing options...
.KX Posted October 26, 2006 Share Posted October 26, 2006 ... and on my test forum l have done everything I can to stop it.In no way does the above say that you had tried playing around with the settings for sessions and cookies in the ACP.If you'd have said:I have tried everything I can to stop it, including changing settings for the sessions and cookies.Then you would have proved me wrong....so shush...So you speak for everyone now?I was going on the fact that I haven't seen anyone else post about experiencing problems with staying logged in...Oh and :) ... Link to comment Share on other sites More sharing options...
theclub Posted October 26, 2006 Share Posted October 26, 2006 In no way does the above say that you had tried playing around with the settings for sessions and cookies in the Acp So what did you think "l have done everything" meant, that l'd headbutted the monitor and tipped coffee over the keyboard? Done everything means just that, done everything.I was going on the fact that I haven't seen anyone else post about experiencing problems with staying logged in. Then you haven't looked very far. :cool: Oh and :P Link to comment Share on other sites More sharing options...
Black Prowler Posted October 26, 2006 Share Posted October 26, 2006 I'm not having this problem on my test board but it is happening here. :o Link to comment Share on other sites More sharing options...
Mark Posted October 26, 2006 Share Posted October 26, 2006 I am not having this problem anywhere.What browser are you using? Link to comment Share on other sites More sharing options...
.KX Posted October 26, 2006 Share Posted October 26, 2006 If someone's going to delete my posts, at least inform me about it... Link to comment Share on other sites More sharing options...
theclub Posted October 26, 2006 Share Posted October 26, 2006 What browser are you using? It's happening to me on IE and FF, but not every time I log on, just every day. Link to comment Share on other sites More sharing options...
Mat Barrie Posted October 26, 2006 Share Posted October 26, 2006 It's happening to me on IE and FF, but not every time I log on, just every day.Just curious, have you tried nuking the cookies? Apparently sometimes it has a fit with cookies from before upgrades and whatnot. I haven't had this problem much, though I've encountered it on occasion. Link to comment Share on other sites More sharing options...
theclub Posted October 26, 2006 Share Posted October 26, 2006 Just curious, have you tried nuking the cookies? Apparently sometimes it has a fit with cookies from before upgrades and whatnot. I haven't had this problem much, though I've encountered it on occasion. Yes, l've deleted all cookies, and all temp internet files, twice. Link to comment Share on other sites More sharing options...
arcalypse Posted October 26, 2006 Share Posted October 26, 2006 Having to keep logging in here and the test forum is really peeing me off.It's not every time, but it's often enough to get on my nerves.l'm here every day, so it shouldn't be doing it, and on my test forum l have done everything I can to stop it.This will lose members, there's no way l'm putting this on my main forum until this is fixed. :(Maybe it's just your browser? Link to comment Share on other sites More sharing options...
bfarber Posted October 26, 2006 Share Posted October 26, 2006 We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)2) You visit from more than one location - you cannot stay logged into more than one pc at a timeThis is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks. Link to comment Share on other sites More sharing options...
arcalypse Posted October 26, 2006 Share Posted October 26, 2006 We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)2) You visit from more than one location - you cannot stay logged into more than one pc at a timeThis is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.I did not know that, but the part about the AdminCP I was aware of. I agree with the switching of browsers if IE isn't working or FF, because each operates differently in their own respective manners. Link to comment Share on other sites More sharing options...
Luke Posted October 26, 2006 Share Posted October 26, 2006 We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)2) You visit from more than one location - you cannot stay logged into more than one pc at a timeThis is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out... Link to comment Share on other sites More sharing options...
arcalypse Posted October 26, 2006 Share Posted October 26, 2006 I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out...There are errors in everything, there were times that when I first installed my IPB that I could not login because of an issue with my cookies, I waited for a bit, and never had a problem since. Link to comment Share on other sites More sharing options...
bfarber Posted October 26, 2006 Share Posted October 26, 2006 I thought that was always a feature on IPB (since 2.1) and the purpose of the "stronghold" cookie was to make the cookies stored useless to anyone else that might obtain them, not cause a log out...And how do you presume to make the cookies useless. :)What the stronghold cookie does is tie certain data together - i.e. your IP address and browser (and some other info). The data is stored as a key on your pc. Then, when your account authenticates, the cookie is checked. If it doesn't match, you aren't logged in.This can actively protect against XSS attacks, even if they get through the various filters in the parsing routine. If someone manages to steal your cookie, they'd also have to have the same user agent string, same ip address, and so on for the stronghold cookie to validate when they visit the site - thus, if your cookie is stolen, it becomes useless, because no one can use it.IE supports httponly status on the cookies making XSS not available against them. We have a pseudo-support for this in Firefox. Matt explains how in his blog. Link to comment Share on other sites More sharing options...
Stuart Elliott Posted October 26, 2006 Share Posted October 26, 2006 We have the stronghold cookie enabled here. That means your session will be killed (and you need to relogin) if:1) You visit in a new browser (i.e. you visit in IE, then visit again in FF)2) You visit from more than one location - you cannot stay logged into more than one pc at a timeThis is configurable from the ACP however. It's a security precaution that helps prevent XSS attacks.D'oh - that explains why it doesn't happen EVERY day for me, because I don't always log in from both work AND home every day. Link to comment Share on other sites More sharing options...
theclub Posted October 27, 2006 Share Posted October 27, 2006 What the stronghold cookie does is tie certain data together - i.e. your IP address ...So anyone on dial-up has to sign in just about every day then? That'll please them! :whistle: Link to comment Share on other sites More sharing options...
TestingSomething Posted October 27, 2006 Share Posted October 27, 2006 I have DSL and I ahve to login quite often also, because my IP changes. This is a tough situation because it's either annoy people by them having to keep logging in or else have less security. Link to comment Share on other sites More sharing options...
Black Prowler Posted October 27, 2006 Share Posted October 27, 2006 I am not having this problem anywhere.What browser are you using?I'm using ie6 and just one pc. :huh: Link to comment Share on other sites More sharing options...
bfarber Posted October 27, 2006 Share Posted October 27, 2006 With IE, a cookie domain *MUST* be set in the ACP - I am unsure if one is set here. If you see a long string of characters in your URL (a session id) it means the cookie isn't being properly set/read, and that is why you have to login. Once a cookie domain is set, I've had no problems with IE.So anyone on dial-up has to sign in just about every day then? That'll please them! whistling.gifAnd this is why we made the stronghold cookie a setting which you can disable on your site if you wish. :) The administrator will have to make the choice - stronger security, or ease of use. It's a very hard line to balance. Link to comment Share on other sites More sharing options...
.KX Posted October 27, 2006 Share Posted October 27, 2006 I agree with bfarber. Most of the time, there is no way to please everyone. You can make something that works for a majority of people though there will still be the minority. Having the option to switch off the stronghold cookies is perfect though. If a lot of your users have login issues then you are going to have to choose to disable it, and vice versa.From reading through this topic, as far as I know - only people using dialup experience problems with the stronghold cookies. As these days most people are on Cable or DSL/ADSL Broadband connections and more people are upgrading everyday - it won't matter soon enough. :P Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.