ACP - Logging-in all the time - can we get this fixed

[Clickfinity]

I wanted to look at four members side-by-side today so I right-clicked the first one and opened it up in a new browser tab.

I was required to login, so I did. Hey presto, member's profile - great, just what I want.

I go back to the first window and search for the next member - but have to login again.

Same process repeated for each member, and thereafter when I switch to any of the members and try to do anything with their profiles, I have to bloody log back in again.

Quite frankly, it's a nightmare and needs something doing with it.

Why can't you just set a cookie timeout and have done with it - why does it invalidate with every new call? It really makes multi-taking with the ACP redundant!!!

Cheers,
Shaun :D

[Amged Osman]

no, you dont need to login each time if you did not pass the cut off time limit or idled

[Taylor J]

Probably you passed the cut off time in the first window, then when logging back into the acp on the newly opened tab you will have to login back to the first tab. Then it should work, you don't ever have to keep logging back in unless you passed the cut off time.

[Clickfinity]

Okay, there's something wrong here (and, admitted, it could be with me - and not the software) but for the life of me I cannot get my board to duplicate the problem.

Strange.

Ah, hang on, it's when I leave the ACP and want to come back in - I have to log back in again. Why doesn't the login cookie stick?

Cheers,
Shaun :D

[Taylor J]

It's for a security reason.

[bfarber]

We do not use cookies for the ACP session. It's a security precaution.

[Taylor J]

Yay I got one right 8D.

[Clickfinity]

So there's no way around this?

It's not been a problem up until now because I haven't had much free time to work on my board, but I've spend the last couple of days working away at it constantly, and I've lost count of the number of times I've have to log back in again.

Any plans to change it at all? Maybe offer people the option of using a cookie if they want to? :wink:

Cheers,
Shaun :D

[Taylor J]

I remember a topic requesting for this to happen, someone got it to work for him but it is a huge security risk to do it.

[Amged Osman]

Well there is a way to disable the acp login .. i wouldnt recommend it as it compromise your security.. but you can use a .htaccess username & password if you want to use this codes

I usually use it for my development board


Open: admin/sources/base/ipsRegistry.php and find:

$validationStatus  = self::member()->sessionClass()->getStatus();

$validationMessage = self::member()->sessionClass()->getMessage();

Replace with:

$validationStatus  = true;#self::member()->sessionClass()->getStatus();

$validationMessage = self::member()->sessionClass()->getMessage();

self::$handles['member']->setMember(1);

Replace the number 1 with the desired member ID to log in with all the time



Again this is risky! but it shall not ask you to enter ur login in ACP

[Clickfinity]

Okay, well thanks for the tweak - and I appreciate your comments regarding risk / vulnerability - caveat emptor and all that ... :thumbsup:

I may keep this thread handy for when I'm doing "major" work, and then revert back for normal (as and when I can fit forum life around everything else in my life) usage.

Cheers,
Shaun :D

[Matt]

We often resist making it easier to access the ACP solely for security reasons. It is annoying but as far as I can recall we've never had a single acp log in security issue since day one.

[Amged Osman]

We often resist making it easier to access the ACP solely for security reasons. It is annoying but as far as I can recall we've never had a single acp log in security issue since day one.

+ 1 to that, I've been using ipb since ver 2.0.4 and never had issues with ACP logins, maybe only when I installed 2 versions of IPB on same address, but back then i didnt know about the cookie prefix, but that wasnt IPS's fault. it was my lake of knowledge about IPB features and settings ...

[rastaX]

I sure hope there is some wood knocking going on here.

This always makes me nervous, saying something bad has never happened................ >_<

yet