As you mention mixed content and DNSSEC in one sentence, I must ask how do they relate?
I've never understood DNSSEC (although I've never taken the time to understand it properly).
The mixed content is a concern yeah. In ie8 (higher ie's as well? don't know) you get a whole popup warning, which is annoying. And it's not _really_ secure anymore then (although afaik not less secure than no ssl).
The certificate is 12 pounds or so. Hardly a burden!
You can also drag and drop skins onto the skins window now, to upload them. There is no limit on the number of skins you can upload with drag and drop in one go (apart from your skin-slots limit of course).
Well there are some downsides. It can also give a false sense of security. There will be mixed content (when people link to external non https sites) and potentially malicious external sites can still access your browser's contents. Of course that is a plain http problem as well, but people may think that because they load a https site, it's all safe. Then again, I don't think that's a big problem here. Making things https only certainly wouldn't add to that problem, so yeah I think I'll make the switch then.
meh ok i see. I was wrong about the cookies only caring about the domain.
Euhmm... this is an easy fix. I can make the cookies be valid on both http and https. But I see the point in https-only cookies. But then I should indeed force https on all requests.
Thinking for a bit .. over dinner ..
The site was always redirecting via php from lfsforum.net to www.lfsforum.net . I guess that is related. I've now made the webserver redirect instead which I think should help in cases like these.
that .. is very strange. I really don't see how a new AND old password can log you in. Maybe those cookies were messed up a bit and were finally reset when the password value changed. And they were not removed properly before .. but then how would you be logged out .. erh, weird.
At least I'm pretty damn sure no one can 'just login'.
actually if you don't check the box, the bbpassword cookie shouldn't exist (which is the point of the remember me box, to not store the password in a cookie if you don't want that).
But yeah, strange expiration date. At least that explains why those cookies are removed after closing the browser. But of course the new question is, why the faulty expiration date? hummm no idea atm.
When you log in, you do keep the 'Remember Me?' option checked?
You can check that these cookies actually exist after logging in, by finding the bbuserid and bbpassword cookies for lfsforum.net . Check their expiration date.
You're right. I didn't realise that my post would insult people. That certainly was not my intention and I apologise.
I was just writing about something I noticed the other day. Something that stuck out at me. But I should have thought it through more thoroughly and in hindsight, I could have gathered some stats to see what's actually happening.
I've done that now. A simple count of who races where at the time of writing. How many licensed racers actually race on licensed hosts or demo hosts?
It turns out not that many licensed racers are on demo hosts.
Demo hosts : 87
Licensed hosts : 46
(hosts with racers in them)
Demo on demo : 325
Licensed on demo : 37
Licensed on licensed : 244
Demo on demo (cruise) : 104
Licensed on demo (cruise) : 6
Licensed on licensed (cruise) : 135
(this list does not include the demo users on the 0.5X hosts)
So I think (and looking at the list of hosts) there are just many licensed people racing on hosts with a few others. Maybe those are hosts with friends. People who joined the host for a specific reason, and not to find a random race host. That would at least explain why these hosts do not show up high on a list of hosts sorted by occupation (answering my own question here, which I should have done from the start).
Of course this involves a bit of speculation.
hmm, well I hope I didn't upset anyone this time, I really don't mean to. I was trying to find an answer to a question I had.
Also I didn't mean to derail this thread. So let's say something about the topic : I don't think limiting the demo is a good thing. One of the biggest reasons is indeed that demo accounts are easily created.
I agree with your quoted text. It occurred to me the other day that cargame was jam-packed 47/47 and there was not a single other S2 host occupied. So there is room for some more well run S2 hosts I think. People who wanted to join cargame couldn't and would try to find another of its kind. The [AA] hosts are popular as well, but all demo hosts. But it goes to show that well organised hosts attract people and keep them coming back.