forum refresh if multiple tabs open

[Allan - TheTechTribe]

Hi, wondering if anyone here experience when opening multiple browser tabs and leave the browser for a while let say an hour you leave it and comes back, and when you open any of the tabs to check the forum, it just refreshes on its own, is that a browser issue or the forum software?

 

[Randy Calvert]

I don't believe it's the forum software.  When I see this happen, it's because the browser has reclaimed memory.  It does not just happen on IPB, so if I was a bettin' man, I would say it was a function of the browser/OS and most likely a function of the browser trying to manage resource utilization.  

Take a look at:

https://support.google.com/chrome/thread/204546987/why-chrome-tabs-refresh-automatically-when-i-go-to-another-tab-and-how-do-i-stop-it?hl=en

https://workspacetips.io/tips/chrome/how-to-stop-chrome-from-refreshing-your-tabs/

Edited March 6 by Randy Calvert

[Allan - TheTechTribe]

One plugin we use and updated was the WordPress SSO v1.2.3 author by @Stuart Silvester (not sure if this is the author that I tag here, if not please let me know) and core update to v4.7.15, since then members complaining that since last two weeks ago, they are complaining about random refresh of the forum.

 

[DawPi]

3 hours ago, Allan - TheTechTribe said:

is that a browser issue

I think this ^ (due to RAM overload or something, using by a browser).

[Ryan Ashbrook]

@Randy Calvert is correct. This would be a browser issue - most likely because it suspended the contents of the tab, so when put back into focus, it automatically refreshes to get the latest update for the page.

[Allan - TheTechTribe]

Hello guys, well apparently, some members including my CEO experience writing a post or replying to topic and the page it self refreshes, this happens over the last two weeks, where we updated IPB into the latest core v4.7.15 along with these updates

plugin - wordpress sso from 1.2.2 to version 1.2.3
app - chatbox from v2.7.7 to v2.8.3
app - classified from v2.3.5 to v2.4.0 beta 6

We are still investigating the issue

 

Edited March 7 by Allan - TheTechTribe

[Randy Calvert]

I’m confused here… you said in the first post the page refresh occurs if you go away for a long period of time and come back or switch away from the tab for an extended period of time. Now you’re saying it’s happening as they’re writing a post or replying. 

In they start typing a post and go away for some period of time… even if the page refreshes IPB will auto store the content.  It also happens if you navigate away from the page without submitting the message.  I just literally tested this on my own site and on this forum and it works. I completely navigated away from this page (clicking the activity stream and then clicking this thread again).  When I came back, my post was restored along with a message at the bottom explaining the content was auto restored. 

[Allan - TheTechTribe]

Well, members start sending ticket, and I asked for their experience, and some of them they say that when they are replying to a post then it refresh the page.

It also happens to our CEO when he wrote a partial outage of our forum, it happens when our CEO try to edit the topic our CEO did, and it refresh

Here are some of the screenshot topic or replies








And list goes on, just this three member

[Randy Calvert]

I've not seen anyone on my community complain about this and there have not been others on the support site here reporting a similar activity.  So there's a pretty good chance it's not core causing the issue for you.  What happens when you disable chatbox?  Does it still happen?  I personally would start there as SSO should not have anything to do with interacting with your pages once logged in.  The classifieds app generally is interacted only when using the application itself.  The chatbox however can be loaded on almost any page.  

Edited March 7 by Randy Calvert

[Allan - TheTechTribe]

8 minutes ago, Randy Calvert said:

I've not seen anyone on my community complain about this and there have not been others on the support site here reporting a similar activity.  So there's a pretty good chance it's not core causing the issue for you.  What happens when you disable chatbox?  Does it still happen?  I personally would start there as SSO should not have anything to do with interacting with your pages once logged in.  The classifieds app generally is interacted only when using the application itself.  The chatbox however can be loaded on almost any page.

Right now, it happens to me, and recorded the network log file (HAR), only two ajax request trigger this refresh, the notification and the chatbox, so yeah, we will disable this chatbox first and see what happens.

[Marc]

This is not something I have seen happen on anyones site. I know that doesnt help you much, but it does point to the fact its very likely 3rd party

[Allan - TheTechTribe]

1 hour ago, Marc Stridgen said:

This is not something I have seen happen on anyones site. I know that doesnt help you much, but it does point to the fact its very likely 3rd party

I believe so Marc, as its been four hours and no random refresh and redirect happens after I disable this Chatbox+

Will continue to monitor until tomorrow, and if no one experience this, then we can conclude this is the ChatBox and I can contact the author to check it.

 

[Marc]

No problem. Glad to hear you appear to have located the issue

[stoo2000]

Likewise, I don't see how this would be related to the WordPress SSO. It will redirect you to WordPress in some circumstances if your session has expired but that shouldn't be very often if you're using the site.

You can transfer your WordPress SSO Marketplace purchase to my website, this gives you access to downloads, billing and technical support all in one place.

• Visit https://ipb.silvesterwebdesigns.com
• Sign in or Register.
• Go to https://ipb.silvesterwebdesigns.com/redeem-marketplace-keys/
• Click redeem key and enter your product license key (available from https://invisioncommunity.com/marketplace/previous-purchases/ )

If your purchase is expired or nearing expiry, a renewal invoice will be generated for you.

[Allan - TheTechTribe]

14 hours ago, stoo2000 said:

Likewise, I don't see how this would be related to the WordPress SSO. It will redirect you to WordPress in some circumstances if your session has expired but that shouldn't be very often if you're using the site.

You can transfer your WordPress SSO Marketplace purchase to my website, this gives you access to downloads, billing and technical support all in one place.

• Visit https://ipb.silvesterwebdesigns.com
• Sign in or Register.
• Go to https://ipb.silvesterwebdesigns.com/redeem-marketplace-keys/
• Click redeem key and enter your product license key (available from https://invisioncommunity.com/marketplace/previous-purchases/ )

If your purchase is expired or nearing expiry, a renewal invoice will be generated for you.

Hello, are you the author? Yes, we have already an account, however when I try to create a support ticket, seems that page is broken, however, I believe the root cause was the chatbox as there was no complain from any members to this date.

[JP TTT]

Hello. JP here, from the thetechtribe. 

For the continuity of the investigation, can some IPBoard dev help me out to understand what is the purpose of the following snippet.
It is the ajax response in the uploads/javascript_global/root_library.js?v=37062bb1bf1709922374

$(document).ajaxSend(function(event, request, settings) {
                if (!_.isUndefined(settings) && settings.showLoading === true) {
                    if (!$('#elAjaxLoading').length) {
                        getContainer().append(templates.render('core.general.ajax'));
                    }
                    count++;
                    ips.utils.anim.go('fadeIn fast', $('#elAjaxLoading'));
                }
            }).ajaxComplete(function(event, request, settings) {
                if (!_.isUndefined(settings) && settings.showLoading === true) {
                    count--;
                    if (count === 0) {
                        ips.utils.anim.go('fadeOut fast', $('#elAjaxLoading'));
                    }
                }
                if (!_.isUndefined(settings) && !settings.bypassRedirect) {
                    var responseJson = null;
                    if (!_.isUndefined(request.responseJSON) && !_.isUndefined(request.responseJSON.redirect)) {
                        responseJson = request.responseJSON;
                    } else if (!_.isUndefined(request.responseText)) {
                        try {
                            var jsonResponse = $.parseJSON(request.responseText);
                            if (jsonResponse && !_.isUndefined(jsonResponse.redirect)) {
                                responseJson = jsonResponse;
                            }
                        } catch (err) {}
                    }
                    if (responseJson) {
                        if (!_.isUndefined(responseJson.message) && responseJson.message != '') {
                            ips.utils.cookie.set('flmsg', responseJson.message);
                        }
                        if (responseJson.redirect.match(/#/)) {
                            window.location.href = responseJson.redirect;
                            window.location.reload();
                        } else {
                            window.location = responseJson.redirect;
                        }
                    }
                }
                ips.utils.cookie.init();
            });

The last part in the if(responseJson) block, the condition will always end in a reload/redirect. 

I've being trying to catch it but is not easy by the randomness of the request and the issue.

Thanks! 

[Allan - TheTechTribe]

Hi, Allan again here.

So two things are happening,

one is that the IPB suddenly refresh on its own in Edge or Chrome, and we notice this ajax request


Also when I try to reply in a post, it redirect me to this page, im posting three URL redirects here
 

https://******/community/topic/21759-the-tribal-portal-is-refreshing-randomly/page/2/?csrfKey=e5443c34943fc25dbd7b19f3b55d4021&usingEditor=1

https://******/community/topic/21759-the-tribal-portal-is-refreshing-randomly/page/2/?csrfKey=e5443c34943fc25dbd7b19f3b55d4021&getUploader=topic_comment_21759

https://******/community/topic/21759-the-tribal-portal-is-refreshing-randomly/page/2/?usingEditor=1&csrfKey=e5443c34943fc25dbd7b19f3b55d4021&getUploader=topic_comment_21759

Any idea?

[stoo2000]

On 3/8/2024 at 1:44 AM, Allan - TheTechTribe said:

Hello, are you the author? Yes, we have already an account, however when I try to create a support ticket, seems that page is broken, however, I believe the root cause was the chatbox as there was no complain from any members to this date.

Yes. Ah, you must have tried at there was an issue with the beta. It has been updated now, please open a ticket if you need assistance.

 

4 hours ago, Allan - TheTechTribe said:

Hi, Allan again here.

So two things are happening,

one is that the IPB suddenly refresh on its own in Edge or Chrome, and we notice this ajax request


Also when I try to reply in a post, it redirect me to this page, im posting three URL redirects here
 

https://******/community/topic/21759-the-tribal-portal-is-refreshing-randomly/page/2/?csrfKey=e5443c34943fc25dbd7b19f3b55d4021&usingEditor=1

https://******/community/topic/21759-the-tribal-portal-is-refreshing-randomly/page/2/?csrfKey=e5443c34943fc25dbd7b19f3b55d4021&getUploader=topic_comment_21759

https://******/community/topic/21759-the-tribal-portal-is-refreshing-randomly/page/2/?usingEditor=1&csrfKey=e5443c34943fc25dbd7b19f3b55d4021&getUploader=topic_comment_21759

Any idea?

Background AJAX requests are totally normal but you shouldn't get redirected to them.

[Michael Collins]

I've just had a similar issue on our site. I began a reply, left idle for an hour, came back and was redirected to /community/topic/13113-test-server/?crfKey=8bab10f434be10111ed05ed2eb2a5ca3&getUploader=topic_comment_13113

[Marc]

30 minutes ago, Michael Collins said:

I've just had a similar issue on our site. I began a reply, left idle for an hour, came back and was redirected to /community/topic/13113-test-server/?crfKey=8bab10f434be10111ed05ed2eb2a5ca3&getUploader=topic_comment_13113

As mentioned above, it would indeed refresh on some browsers, but thats a browser issue rather than a software one

[JP TTT]

After MONTHS the bug was haunting us, our IT guy finally got the culprit. 
Here are his comments about it: 

Quote

I've finally tracked this sucker down and managed to reproduce it multiple times.

Here’s what’s happening:

The issue occurs when a client’s IP switches between IPv4 and IPv6 mid-session.

If you start on IPv4, the session is tied to that IP.

When the browser switches to IPv6, the mismatch invalidates the session, leading to a page refresh during the next AJAX request.

Steps to replicate:

Force IPv4 address (###.###.###.###) using the hosts file, open the portal and browse some topics.

Keep the tab open and modify the hosts file to use the IPv6 address (####:####:####:####:####).

Let the browser’s DNS cache expire.

Observe the page refresh on the next AJAX call.

This behavior seems related to how IPB validates sessions.

The quick solution was to turn off the Check IP address on validating sessions, in the advance system options of IPB settings. 
It adds up some security risks, but the refreshing bug was hurting the forum engagement.

 

And we hope the WP SSO developer can resolve that internally without compromising security.

I also hope that those experiencing this issue know how to address it, and that IPB and third-party developers consider it in their future implementations regarding session validations.

 

Thanks.
 

[Jim M]

Glad to hear you found the issue. Realistically, this is the software working as intended to invalidate the session from a different IP address. Really this should seldomly happen that your own IP address would change that frequently during a single session unless you actively switch networks or something of that sort or use CloudFlare/proxy.

Are you using CloudFlare or another proxy by chance where these IP addresses may be changing quickly? If so, you will want to ensure that you enable "Trust Proxy provided IP addresses" in ACP -> System -> Advanced Configuration.

[Allan - TheTechTribe]

11 hours ago, Jim M said:

Glad to hear you found the issue. Realistically, this is the software working as intended to invalidate the session from a different IP address. Really this should seldomly happen that your own IP address would change that frequently during a single session unless you actively switch networks or something of that sort or use CloudFlare/proxy.

Are you using CloudFlare or another proxy by chance where these IP addresses may be changing quickly? If so, you will want to ensure that you enable "Trust Proxy provided IP addresses" in ACP -> System -> Advanced Configuration.

You're correct that the software is functioning as intended to protect session integrity. However, in modern networks, IP addresses do not seldomly change, especially in environments with dual-stack networks (IPv4 and IPv6). This behavior is often due to the "Happy Eyeballs" algorithm (Test here: Happy Eyeballs), which dynamically switches between IPv4 and IPv6 to optimize connectivity. Even in IPv4-only networks, such as mobile networks, carriers use CGNAT (Carrier-Grade NAT), which can randomly change the public IP.

Here are some common scenarios where IP switch can occur, as outlined by Akamai (source: Akamai Blog) :
 

1. Network Address Translation (NAT) and CGNAT: Many mobile, enterprise, and residential networks use NAT or CGNAT to support a large number of clients behind a limited pool of IPv4 addresses. Under heavy load, clients might appear to have multiple source IP addresses for individual requests. This is especially common during large-scale events.
2. Apple iCloud Private Relay: Apple's iCloud Private Relay enhances privacy by routing requests through a pair of proxy servers. While the source IP retains geographic information, it can change frequently. This becomes problematic when requests set a token directly on a server, but subsequent requests through Private Relay validate that token.
3. Dual-Stack Clients (IPv4 and IPv6): Clients with both IPv4 and IPv6 connectivity may switch between them during a session. This is especially problematic when a token is set by an IPv4-only host but validated by an IPv6-enabled host, or vice versa. Even in dual-stack environments, clients can switch based on network conditions. IPv6 is often preferred due to its performance benefits and finer-grained geographic information.
4. IPv6 Privacy Addressing: IPv6 clients frequently change their IPv6 address (typically within the same /64) a few times per day. Tokens set during one transition may break during another.
5. Network Switching: When clients switch networks, such as moving from home Wi-Fi to mobile data, the IP address changes. This behavior is becoming more common with 5G and mobile devices that balance traffic between networks to improve performance.
6. Proxy Servers and Secure Web Gateways (SWGs): Enterprise environments often use proxy server pools or SWGs that distribute requests across multiple IP addresses. This results in clients switching source IPs when changing between instances.

These scenarios can cause the application to perceive IP changes as irregular, even under normal conditions.

The assertion that IPs seldom change is inaccurate. What we’re experiencing is a real-world issue:

1. We are using WordPress as an SSO provider.
2. WordPress sessions are configured to last for 365 days.
3. WordPress does not tie sessions to IPs.
4. On a dual-stack network, initial requests may use IPv4, while subsequent AJAX calls switch to IPv6 or mobile network can switch the user IP, invalidating the IPB session. The AJAX then redirects to the login page.
5. The login page checks the WordPress login status, finds the user logged in, and redirects back to the previous page. However, since this happens via AJAX, the page reloads.
6. This issue can occur, for example, after a user reads a post and clicks "Submit Reply," triggering an AJAX request.

Initially, we thought the issue might be tied to multiple tabs or inactivity, as suggested by user feedback. However, after rigorous testing and network analysis, we found that this behavior occurs regardless of the number of tabs or activity level and can be reliably reproduced.

Additionally, we restore correct IP addresses using NGINX, so Cloudflare settings are irrelevant in our case. We're hoping security and UX can be balanced considering this case, either in IPB or the SSO plugin.

Edited Thursday at 05:43 AM by Allan - TheTechTribe

[Jim M]

7 hours ago, Allan - TheTechTribe said:

WordPress sessions are configured to last for 365 days.

This would be highly irregular and likely the cause of an issue too. 

Ultimately though, this sounds more like an issue with your SSO than an issue with our software. You will either need to work with your SSO provider or disable IP session checks in our software to resolve this.

7 hours ago, Allan - TheTechTribe said:

Here are some common scenarios where IP switch can occur, as outlined by Akamai (source: Akamai Blog) :

These examples would likely be irregularly happening in the middle of a session, though possible. Unless someone is on your community all day long without breaking the 20 min session timer. At which point, I would expect the session to break and re-try to create with a new one, which is best practices. The software really has no clue whether or not the individual there is legitimately changing their IP address for these reasons or an attacker is coming in so revalidating the session is required.