[Ghost of V]

I just seemingly got logged out on my phone. This is weird. I'll wait and see if it happens again, and try to nail down what triggers it.

Meanwhile, if anyone else is affected, please let us know. I currently haven't a clue as to what could be causing it, so every piece of information helps.

Maybe it has something to do with tapatalk? Happens to me every time I leave the app.

[Snupes]

I just seemingly got logged out on my phone. This is weird. I'll wait and see if it happens again, and try to nail down what triggers it.

Meanwhile, if anyone else is affected, please let us know. I currently haven't a clue as to what could be causing it, so every piece of information helps.

Maybe it has something to do with tapatalk? Happens to me every time I leave the app.

Doesn't happen to me, and I use Tapatalk for this place more than the computer.

[Blanko]

I've been logged out myself, once from my computer and once from my phone. I don't use Tapatalk so it's not that.

[Pete Svarrior]

So, it looks like most (all?) people affected are using more than one machine/browser to browse FES. As a quick test, I logged in and logged out on a second browser while having my usual browser up - I ended up being logged out from both, with the cookie from the original browser disappearing.

I then logged in from my main browser permanently and from the second browser with an expiry of 2 minutes. After that expired, only the secondary browser got logged out.

[Ghost of V]

I've been logged out myself, once from my computer and once from my phone. I don't use Tapatalk so it's not that.

Tapatalk could be causing the issue for some people though. It seems like the site is only allowing one instance to be logged in at a time. So logging into your account under a different IP/whatever could log you out from the other instance or both in some cases.

[Lord Dave]

I'm on my phone (via opera) with both WiFi and cell tower net.  I also use my PC (Firefox) with sandboxie.

It'll log me out like once a month but that's it.

[Pete Svarrior]

It seems like the site is only allowing one instance to be logged in at a time.

That's certainly not true. It does seem, however, that logging out can sometimes log out *all* instances.

[xasop]

So, it looks like most (all?) people affected are using more than one machine/browser to browse FES. As a quick test, I logged in and logged out on a second browser while having my usual browser up - I ended up being logged out from both, with the cookie from the original browser disappearing.

You've cracked it! Thanks for spotting that, pizaa.

In its Logout function, SMF does this (among other things):

Code: [Select]

   if (!empty($user_info['id']))
      updateMemberData($user_info['id'], array('password_salt' => substr(md5(mt_rand()), 0, 4)));

The password_salt here is what's used for encrypting the user's password in the login cookie. Since it gets reset on logout from any browser, this will cause all current logins to be terminated, as their cookies will no longer be valid.

Fixing this is going to require a bit of thinking, as it looks like the salt also gets reset at login time, so logging back in again would break other logins regardless.

[xasop]

I've just pushed a fix that removes the above code in the logout function, and deployed that:

https://github.com/theflatearthsociety/forum.tfes.org/commit/01f96ef52772685f0c745d972499b528ea3fa912

Upon closer inspection, this only happens on login in a few places, none of which is likely to cause problems.

Let me know if this is still a problem, or for those who have been affected, please let me know if it stops happening.

[Thork]

And yet we still don't have EU cookie warnings telling us that identifiable information about us is being stored. I live in the EU dammit.

I have a right to know and choose if I wish to accept cookies. Why this barbaric stealth?

[xasop]

And yet we still don't have EU cookie warnings telling us that identifiable information about us is being stored. I live in the EU dammit.

I have a right to know and choose if I wish to accept cookies. Why this barbaric stealth?

Thork, you know better than to derail S&C threads. But while you're here, have you had any further issues with being logged out in the past two days?

[Thork]

No, it seems fixed.

But now I want a cookie notice. This is supposed to be a Bastian for internet openness and honesty. A cookie message is polite at least and a legal necessity in some parts of the world.

[xasop]

No, it seems fixed.

Excellent, thanks for confirming.

If you'd like to discuss anything else, please start a new thread.