Hi,
It seems that everytime I go to TP, I need to log in again, that is everytime I start up the computer.
It's both at work (IE7) and home (IE8). Normally I need to do that like once every two weeks or so?
Also, when the computer is on, going to another website and back to TP it usually gives the text 'log in succesful' for like a few seconds. Also not how it should be I think.
Any of you who have the same issue?
Mike
Yes, I'm seeing weirdness going on with logging in, too. My cookie seemed to have expired this morning, and when going straight to the forum, I was required to log in (for viewing a public page! (for reference, the full url that was the first page I loaded was https://www.travellerspoint.com/forum.cfm?rows=50)). This evening I loaded that same page again as the first visit of the session, and for a few seconds had the "login successful" page, which redirected me to the non-https version of the requested page.
I have had the same issue, at work on IE and at home on Mozilla. it's not every time though - happened this morning but not just now.
We put live a change yesterday which is causing this behaviour. The logging in again after a period of inactivity has always actually been like this, but it was less obvious because it would just *do* it without redirecting you back to the login page.
The reason to make this change is for security, mainly to help prevent a thing called session hijacking. It's a technique hackers can use if they can get access to your cookies and as a result log in to your account. To avoid this, we need to log you in again on a secure (https) page instead of the usual insecure one.
That said, it shouldn't need to log you in again more than once every hour or so.
And it shouldn't be requiring a login on forum thread pages.
Will have a look into both these things today to see if I can replicate them.
I'm also getting a bunch of errors when trying to hit forum pages, and somtimes also being redirected to a secure https version of the page... very strange.
I took me a while (like 10-20 seconds) before I could enter TP on the web right now and it gave an error message. Going to the forum went ok though. But in this thread for example I saw Peter as a last poster on the main page (before opening the thread), while Sam is actually the last one. There sure are a few things not going well, or infected by this recent change.
I think the problem with posting in this thread not updating the "last poster" value is fixed. Let me test.
I've made some improvements to how it works. It didn't need to be sitting on that login page like that. I've now fixed that.
I also added in a *bonus* improvement. If you are writing some long entry and your session expires while you're doing it, it will now actually remember what you posted, log you back in and then continue posting that form. This has been an occasional problem for people writing blogs or long wiki entries and the likes.
Please note, there is still a security hole left as well - if you use the login form that sits at the top of every page, when you post your password in there it is not going over a secure connection. So someone could detect this if they have access to the network you are on (like an open one). You can avoid this problem by instead going to which will be on https . We are going to add a link to this secure login page in that top navigation area, so it can be easily accessed when you are on an untrusted network.
0 Response to "Logging in every time"
Post a Comment