The online racing simulator
LFS Forum keeps logging me off
1
(29 posts, started )
LFS Forum keeps logging me off
This problem started after I reinstalled my browser (opera). It's like it doesn't keep the cookies or something, I keep getting logged off from the forum everytime I close my browser. This only happens on LFS forum. I think this is a problem on my side, but I can't figure out why is this happening.
I tried to delete all my cookies from the forum, clearing the cache and trying again, but with the same result. Any ideas?
Maybe the following option is checked :

Settings -> Preferences -> Advanced -> Cookies -> Delete new cookies when exiting Opera

though I suspect you've already seen that. But I have no other idea.
Oh, is your computer's clock running on time?
That option is not checked. My clock is synched with the microsoft servers, so that's not a problem I think.

This only happens at lfsforum, everything else is working. (even lfsworld)
When you log in, you do keep the 'Remember Me?' option checked?
You can check that these cookies actually exist after logging in, by finding the bbuserid and bbpassword cookies for lfsforum.net . Check their expiration date.
Of course I check "remember me"

Strange, the expiration date on those cookies is set to the time I log in. It's like I'm not checking the "remember me" box, but I do.
actually if you don't check the box, the bbpassword cookie shouldn't exist (which is the point of the remember me box, to not store the password in a cookie if you don't want that).

But yeah, strange expiration date. At least that explains why those cookies are removed after closing the browser. But of course the new questions is, why the faulty expiration date? hummm no idea atm.
#7 - Nilex
Try checking site preferences. Same path as Victor's up to Advanced, after its: -> Content -> Manage Site Prefs. If this site is customized in any way it should list there. You know what to do from there i think. If it's not listed then i don't know.
Btw, you can shortcut to Site Prefs by right-clicking on an empty space then select it. F12 is also cool shortcut.

Vic, would you mind if i ask you about specific lfsw cookie expiration issue i have (also on Opera) in this thread. It's uber obscure that i'm positive it only bothers meyself and noone would be able to help me. I thought if i make a new thread it would go unnoticed but since you read this... pls
sure. ask away.
I read every (new) thread in this section btw.
Ok, I got it. Vic, you might be surprised

So, a couple of months ago, I changed my password from a OLD one to a NEW one. When I try to log in on the forum with the NEW one, It logs me in but the weird cookies get issued. So I got an idea and logged in with my OLD password, and I got a message that the password is incorrect and I have 5 tries left. The strange thing is that I got logged in anyway. I think this might be a bug

btw, my cookies are now set to expire at 2014

//edit: I changed my password through lfs.net
Nice, tnx

After i login to LFSW and select windows i want to have opened and their position i log off. So next time i login all is nice and well just like i left it with the added benefit that from now on i don't have to log off. Instead i just close the tab or Opera itself and next time i go to lfsw i'm loged in automatically and windows are all nicely positioned - really nice overview of whats going on, quick and easily accessible.
Problem is that it stays that way only about a week or so, without my intervention whatsoever. On the 8th day i'm greeted with only 'Home' window. All others are lost until i open & reposition them again, log off then login. Thats hits hard for a lazy guy like myself
I can intervene for example on the 6th day (if i'm lucky to remember) by moving one of the windows by a pixel, log off then login back again. I'm safe for another week. So that is what i did long time until i happily found i can manually change each cookie's own expiration date. But that didn't work. It seem only to show expiration date and editing it is just for show.
Is it possible to prolong this from 1 week? Maybe is built-in security feature. I kidna made my peace with it until i read cookie expiration date phrase and i had to give it a shoot!
Windows i have opened are: Live alert, online racers stats & s2 hotlaps. Those give me 4 cookies total to edit. One thing i noticed among it all is that the 'S2 hotlaps' -> 'Hotlap uploading log - displaying:' info stays remembered which gave me hope
oh sure, 7 days is kinda conservative indeed, for an innocent cookie like this. Changed to 365 days now.
Quote from Nadeo4441 :Ok, I got it. Vic, you might be surprised

So, a couple of months ago, I changed my password from a OLD one to a NEW one. When I try to log in on the forum with the NEW one, It logs me in but the weird cookies get issued. So I got an idea and logged in with my OLD password, and I got a message that the password is incorrect and I have 5 tries left. The strange thing is that I got logged in anyway. I think this might be a bug

btw, my cookies are now set to expire at 2014

//edit: I changed my password through lfs.net

that .. is very strange. I really don't see how a new AND old password can log you in. Maybe those cookies were messed up a bit and were finally reset when the password value changed. And they were not removed properly before .. but then how would you be logged out .. erh, weird.
At least I'm pretty damn sure noone can 'just login'.
If only i asked earlier . 365 Thankses
Quote from Victor :that .. is very strange. I really don't see how a new AND old password can log you in. Maybe those cookies were messed up a bit and were finally reset when the password value changed. And they were not removed properly before .. but then how would you be logged out .. erh, weird.
At least I'm pretty damn sure noone can 'just login'.

After some testing, I found out that I can enter anything as the password and get logged in. Only after I get logged off though. Doesn't work if I have no cookies at all. What the hell?

//the cookies get set to 2014, but I get logged off anyway. I don't get it :/


//edit: okay, I got it. I have lfsforum on my speeddial and it points to http://lfsforum.net , but when I log in, it redirects me to https://lfsforum.net, where I'm already logged in. It's like the non SSL and the SSL version's of the site require separate cookies or something.
raight.
The site was always redirecting via php from lfsforum.net to www.lfsforum.net . I guess that is related. I've now made the webserver redirect instead which I think should help in cases like these.
Would it be possible to redirect from http:// to https:// ?
Try to close lfsforum and your browser, then start it up again and type http://www.lfsforum.net in it. It appears like you have been logged off, but if you type it in with [url]https://,[/url] you are still logged in.
That sounds like a shortcoming in your browser. Cookies should not care about http or https (not 100% true, but for this purpose it is). The domain is all that matters.
So if your browser logs you in for https://www.lfsforum.net but not for http://www.lfsforum.net then that is a bug in your browser.
Can you try that on http://www.lfs.net and https://www.lfs.net ?

PS I am actually considering forcing https on the forums. As a start, you'll get https links in forum update emails from now on.
Yeah, on lfs.net it doesn't matter. I stayed logged in.

But on lfsforum, the issue still remains. I tried this in firefox and chrome too, so it's not only opera's fault.
wow ok I can actually replicate this on chrome.
well, that warrants a closer look.
meh ok i see. I was wrong about the cookies only caring about the domain.
Euhmm... this is an easy fix. I can make the cookies be valid on both http and https. But I see the point in https-only cookies. But then I should indeed force https on all requests.
Thinking for a bit .. over dinner ..
Would there be any downside if you forced https? I can't think of one.
Well there are some downsides. It can also give a false sense of security. There will be mixed content (when people link to external non https sites) and potentially malicious external sites can still access your browser's contents. Of course that is a plain http problem as well, but people may think that because they load a https site, it's all safe. Then again, I don't think that's a big problem here. Making things https only certainly wouldn't add to that problem, so yeah I think I'll make the switch then.
Right. Thanks for helping me with my problem.
Driver is online at:
I am very sorry for hijacking this thread, but don't want to create another thread just for this as it's an easy fix.

Where is that "user is online at: [server name]" thing?
Attached images
Untitled.jpg
1

LFS Forum keeps logging me off
(29 posts, started )
FGED GREDG RDFGDR GSFDG