Staying loged in

[SuperTrooper]

Before the update I always stayed logged in from one day to the next. Since the update I have to login about twice a day. Yes I remember to make sure the remember me box is checked, and I haven't changed any cookie settings.

 

Anyone else having this problem?

[Daetrin[Admin]]

I don't have a problem with it on this forum, but I do on CTN and it's the same forum software. V'Pier - thoughts?

[TK-4224[501st]]

same problem here

[RBJ[501st]]

..me too

[davej[TK]]

*holds up hand * Me too

 

Edit : It looks like it's only on the front page . I'm fine once I get away from there

[SuperTrooper]

Any update about this little bug?

[TK8280]

Its happened to me also

[TK4205]

me too.

[firebladejedi[TK]]

I have to sign in quite frequently, i can never remember my password either...

[TK4205]

Any update about this little bug?

 

Bump

[Double D[TK]]

Yeah this happened on 2 different computers for me

[Daetrin[Admin]]

I notice it only happens when I shift from one computer to another, e.g. from home to work and back home again. As long as I stay on the same computer, no problem. Is that consistent with anyone else?

[SuperTrooper]

I notice it only happens when I shift from one computer to another, e.g. from home to work and back home again. As long as I stay on the same computer, no problem. Is that consistent with anyone else?

 

Nope, I only use one computer. I check the site several time a day and generally have to login twice daily.

[Daetrin[Admin]]

OK guys, here's the scoop. One of the administrative security settings is to create something called a "stronghold cookie". This is geographically based so it makes stealing your cookie almost impossible. This is set to "true" on these boards as well as CTN and I suspect BSN as well (since it's using the same software / shares admins).

 

So the choice is this: leave it as is (which is an inconvenience but more secure) or weaken board security. Post your opinions below. I'll talk it over with V'Pier and Army Scout.

[SuperTrooper]

I figure the 501st forums don't use a stronghold cookie and they are fairly secure. On the flipside anyone who uses multiple computers may forget to logout if someone else uses them.

[V'Pier[501st]]

Security is there for a reason, to keep hackers and spammers from getting in.

 

Although, I do believe there is another setting that stops it from being picky about where you log in from. But leave stronghold on.

[V'Pier[501st]]

There's also another option in admin that says

 

Match user's IP Address during session validation

If 'yes', the IP address of the user must match the one stored in the sessions table for security. Only use 'no' in an intranet environment where many users share the same IP address.

 

Setting Group: Security and Privacy

 

I've set that to NO for now, tell me if that changes anything, if it doesn't, it might have to do with how long the session is for or the cookie time out.

[Daetrin[Admin]]

Thanks V'Pier - worked for me.

[davej[TK]]

Greg , it's all working fine for me now thanks Good to see that our security is in safe hands

[SuperTrooper]

I'm still being asked to login about every 8 hours.

[V'Pier[501st]]

Haha, every 8 hours haha.

 

There is a session time out you know. It normally logs people out of the forum if they haven't been on it in a while.

 

The thing is, others say they aren't having these problems.

 

I'll check some other cookie settings, but you might want to try the forum out on different browsers.

 

If the same happens for all of them, it's the forum, if it only happens to one browser and not the others, that's pretty self explainitory.

[TK4205]

Odd. Sometimes I have to log in, sometimes I don't.

[TK8280]

yeah, same here

[BactaReality]

Is there a security issue here, because there's no reason I should be pulling up this site and finding that I'm already logged in. I make it a point to sign out and my internet settings are such that I don't save temp files ever and never ever save login settings. This is starting to bug me, because if this site is that unsecure, I'm going to find myself visiting less often. I've heard the RPF is in the process of changing their software, so I'm wondering if this site will follow in that direction.

[BactaReality]

So now the problem has progressed to a not only a more serious level, but a more annoying one as well. I'm finding that when I sign out, that I'm not completely signed out. That is, my ID is still showing up on here indicating that I'm logged in, however, I am not able to post. So I'm actually logged off, but my name still shows as being logged in. WTF.