The Flat Earth Society

The Flat Earth Society => Suggestions & Concerns => Topic started by: Thork on September 13, 2014, 02:12:14 PM

Title: Remember login broken
Post by: Thork on September 13, 2014, 02:12:14 PM
I had to clear my browser cache because I was building a website and needed to see it update.

This of course killed all my cookies including the one here at FES. Now, no matter how often I tick the 'stay logged in' box, every time I return, I need to log in again.

Can someone look at this please. Its not the end of the world, but it is a little bit annoying. Thanks.
Title: Re: Remember login broken
Post by: xasop on September 13, 2014, 02:16:24 PM
I've just tried logging out and back in again. I'll see if this problem happens for me.

Meanwhile, what is the expiry on the cookie your browser gets after logging in? In Firefox, this is visible under Preferences -> Privacy -> Show Cookies; I don't know about other browsers.
Title: Re: Remember login broken
Post by: Thork on September 13, 2014, 02:30:52 PM
In Firefox
You are quite the comedian.
Title: Re: Remember login broken
Post by: Ghost of V on September 13, 2014, 04:36:37 PM
I've been having the same problem, but I figured it was mostly due to using private browsing at work.
Title: Re: Remember login broken
Post by: Pete Svarrior on September 13, 2014, 04:41:07 PM
Vauxy, since Thork isn't willing to give a good description of the problem, could you do this:

Meanwhile, what is the expiry on the cookie your browser gets after logging in? In Firefox, this is visible under Preferences -> Privacy -> Show Cookies; I don't know about other browsers.
Title: Re: Remember login broken
Post by: xasop on September 13, 2014, 04:58:01 PM
I've been having the same problem, but I figured it was mostly due to using private browsing at work.

Private browsing would cause this, if it discards cookies at the end of a session, which I'd imagine it would. Have you experienced the problem when not using private browsing?

Also, what pizaaplanet said. It would be very useful to have that information from someone who is experiencing this problem. So far, it hasn't occurred to me (and I tried restarting my browser to see if that would trigger it).
Title: Re: Remember login broken
Post by: Ghost of V on September 13, 2014, 04:59:46 PM
Private browsing would cause this, if it discards cookies at the end of a session, which I'd imagine it would. Have you experienced the problem when not using private browsing?

Also, what pizaaplanet said. It would be very useful to have that information from someone who is experiencing this problem. So far, it hasn't occurred to me (and I tried restarting my browser to see if that would trigger it).

I usually do not end the session my whole shift, which is 9hrs. But yes, private browsing does do that and it might even do it even if you don't end a session. That's why I never mentioned it. My home PC seems to keep me logged in for hours at a time, but if I go away for a day or so and come back I will be logged out.

(http://i.imgur.com/gcp0Sqe.png)

^ does this help you?
Title: Re: Remember login broken
Post by: Thork on September 13, 2014, 05:04:17 PM
I have no expiry information. That column is blank for me.
Title: Re: Remember login broken
Post by: xasop on September 13, 2014, 05:23:39 PM
(http://i.imgur.com/gcp0Sqe.png)

^ does this help you?

Yes, and your login cookie's expiry is in the very near future.

How did you log in? Did you use the form in the top bar, or did you click through to the login page and tick "always stay logged in"?
Title: Re: Remember login broken
Post by: Ghost of V on September 13, 2014, 05:27:22 PM
How did you log in? Did you use the form in the top bar, or did you click through to the login page and tick "always stay logged in"?

I don't remember, however I just logged out and back in ticking "always stay logged in" this time.
Here's my cookies.

(http://i.imgur.com/66T64rE.png)
Title: Re: Remember login broken
Post by: xasop on September 13, 2014, 05:31:34 PM
How did you log in? Did you use the form in the top bar, or did you click through to the login page and tick "always stay logged in"?

I don't remember, however I just logged out and back in ticking "always stay logged in" this time.
Here's my cookies.

(http://i.imgur.com/66T64rE.png)

And it now expires in 2020. That seems correct to me.

However, it's kind of annoying that there's no "always stay logged in" box on the top form. I'll add one soon.
Title: Re: Remember login broken
Post by: Ghost of V on September 13, 2014, 05:33:07 PM
I'll let you know if it logs me out at anytime during the day.
Title: Re: Remember login broken
Post by: Pete Svarrior on September 13, 2014, 05:34:18 PM
And it now expires in 2020. That seems correct to me.
I dunno, bro. "Expires in 2020" and "always stay logged in" are not one and the same.
Title: Re: Remember login broken
Post by: xasop on September 13, 2014, 05:35:08 PM
And it now expires in 2020. That seems correct to me.
I dunno, bro. "Expires in 2020" and "always stay logged in" are not one and the same.

This is SMF we're dealing with. I'm just satisfied they've avoided Y2K.
Title: Re: Remember login broken
Post by: Thork on September 13, 2014, 07:07:17 PM
And it now expires in 2020. That seems correct to me.
I dunno, bro. "Expires in 2020" and "always stay logged in" are not one and the same.

This is SMF we're dealing with. I'm just satisfied they've avoided Y2K.
Its your choice! You can provide the forum with any software you want - you run the site. YOU chose SMF. If you hate it, choose something better. ::)
Title: Re: Remember login broken
Post by: Ghost of V on September 13, 2014, 08:49:12 PM
(http://i.imgur.com/AFrlndF.png)

Came back from my lunch break to this. I had not closed the browser in that time.
Title: Re: Remember login broken
Post by: Pete Svarrior on September 13, 2014, 08:51:21 PM
Its your choice! You can provide the forum with any software you want - you run the site. YOU chose SMF. If you hate it, choose something better. ::)
It's an awkward situation. We put enough work into making SMF work they way we like it that dealing with it now feels like less work than redoing everything.

Plus, it's not like we're struggling. We just enjoy complaining about how shit SMF is - it's our idea of entertainment.
Title: Re: Remember login broken
Post by: Lord Dave on September 13, 2014, 09:13:30 PM
I don't have an issue.

Occasionally it'll drop the auto-login but once I click the "stay logged in" it stays. 
Title: Re: Remember login broken
Post by: xasop on September 14, 2014, 06:01:52 AM
(http://i.imgur.com/AFrlndF.png)

Came back from my lunch break to this. I had not closed the browser in that time.

That's strange. Next time it happens, can you take another screenshot of your FES cookies before logging back in?
Title: Re: Remember login broken
Post by: xasop on September 15, 2014, 04:54:24 AM
I just seemingly got logged out on my phone. This is weird. I'll wait and see if it happens again, and try to nail down what triggers it.

Meanwhile, if anyone else is affected, please let us know. I currently haven't a clue as to what could be causing it, so every piece of information helps.
Title: Re: Remember login broken
Post by: Ghost of V on September 15, 2014, 06:04:43 AM
I just seemingly got logged out on my phone. This is weird. I'll wait and see if it happens again, and try to nail down what triggers it.

Meanwhile, if anyone else is affected, please let us know. I currently haven't a clue as to what could be causing it, so every piece of information helps.

Maybe it has something to do with tapatalk? Happens to me every time I leave the app.
Title: Re: Remember login broken
Post by: Snupes on September 15, 2014, 11:39:37 AM
I just seemingly got logged out on my phone. This is weird. I'll wait and see if it happens again, and try to nail down what triggers it.

Meanwhile, if anyone else is affected, please let us know. I currently haven't a clue as to what could be causing it, so every piece of information helps.

Maybe it has something to do with tapatalk? Happens to me every time I leave the app.
Doesn't happen to me, and I use Tapatalk for this place more than the computer.
Title: Re: Remember login broken
Post by: Blanko on September 15, 2014, 02:27:01 PM
I've been logged out myself, once from my computer and once from my phone. I don't use Tapatalk so it's not that.
Title: Re: Remember login broken
Post by: Pete Svarrior on September 15, 2014, 04:57:09 PM
So, it looks like most (all?) people affected are using more than one machine/browser to browse FES. As a quick test, I logged in and logged out on a second browser while having my usual browser up - I ended up being logged out from both, with the cookie from the original browser disappearing.

I then logged in from my main browser permanently and from the second browser with an expiry of 2 minutes. After that expired, only the secondary browser got logged out.
Title: Re: Remember login broken
Post by: Ghost of V on September 15, 2014, 05:43:58 PM
I've been logged out myself, once from my computer and once from my phone. I don't use Tapatalk so it's not that.

Tapatalk could be causing the issue for some people though. It seems like the site is only allowing one instance to be logged in at a time. So logging into your account under a different IP/whatever could log you out from the other instance or both in some cases.
Title: Re: Remember login broken
Post by: Lord Dave on September 15, 2014, 07:28:49 PM
I'm on my phone (via opera) with both WiFi and cell tower net.  I also use my PC (Firefox) with sandboxie.

It'll log me out like once a month but that's it.
Title: Re: Remember login broken
Post by: Pete Svarrior on September 15, 2014, 08:58:38 PM
It seems like the site is only allowing one instance to be logged in at a time.
That's certainly not true. It does seem, however, that logging out can sometimes log out *all* instances.
Title: Re: Remember login broken
Post by: xasop on September 16, 2014, 12:29:18 AM
So, it looks like most (all?) people affected are using more than one machine/browser to browse FES. As a quick test, I logged in and logged out on a second browser while having my usual browser up - I ended up being logged out from both, with the cookie from the original browser disappearing.

You've cracked it! Thanks for spotting that, pizaa.

In its Logout function, SMF does this (among other things):

Code: [Select]
   if (!empty($user_info['id']))
      updateMemberData($user_info['id'], array('password_salt' => substr(md5(mt_rand()), 0, 4)));

The password_salt here is what's used for encrypting the user's password in the login cookie. Since it gets reset on logout from any browser, this will cause all current logins to be terminated, as their cookies will no longer be valid.

Fixing this is going to require a bit of thinking, as it looks like the salt also gets reset at login time, so logging back in again would break other logins regardless.
Title: Re: Remember login broken
Post by: xasop on September 16, 2014, 12:52:51 AM
I've just pushed a fix that removes the above code in the logout function, and deployed that:

https://github.com/theflatearthsociety/forum.tfes.org/commit/01f96ef52772685f0c745d972499b528ea3fa912

Upon closer inspection, this only happens on login in a few places, none of which is likely to cause problems.

Let me know if this is still a problem, or for those who have been affected, please let me know if it stops happening.
Title: Re: Remember login broken
Post by: Thork on September 18, 2014, 12:21:12 PM
And yet we still don't have EU cookie warnings telling us that identifiable information about us is being stored. I live in the EU dammit. >o<

I have a right to know and choose if I wish to accept cookies. Why this barbaric stealth?
Title: Re: Remember login broken
Post by: xasop on September 18, 2014, 12:26:53 PM
And yet we still don't have EU cookie warnings telling us that identifiable information about us is being stored. I live in the EU dammit. >o<

I have a right to know and choose if I wish to accept cookies. Why this barbaric stealth?

Thork, you know better than to derail S&C threads. But while you're here, have you had any further issues with being logged out in the past two days?
Title: Re: Remember login broken
Post by: Thork on September 18, 2014, 01:21:13 PM
No, it seems fixed.

But now I want a cookie notice. This is supposed to be a Bastian for internet openness and honesty. A cookie message is polite at least and a legal necessity in some parts of the world.
Title: Re: Remember login broken
Post by: xasop on September 18, 2014, 01:40:23 PM
No, it seems fixed.

Excellent, thanks for confirming.

If you'd like to discuss anything else, please start a new thread.