Help! I keep being signed out

[The Stationmaster]

I have been signed out around about a dozen times in the past 5 minutes or so - it happens when I click on a topic or click on something restricted only to members.  I then sign back in only to have exactly the same thing happen again - is it me or is it the site?

[knobhead]

No problem here.

[Andy Y]

No problems at this end Mike but it could be related to the server work last night (moved to an expanded drive) and cookies on your system. Try a browser cache/cookie clearance and see if that shifts it.

[The Stationmaster]

Cache duly cleared out - but I have signed in, and been tipped out, 3 times since I did that!

 

Every time I click on VNC I'm tipped out, and every time I click on the mail icon I'm tipped out.  I managed to get back into thsi thread but was tipped out before I could reply - several times over.  Very odd and most disconcerting.

[bbishop]

Well, Mike, I can spot the solution. It's pretty simple. You just need to press Ctrl I, and turn italics back on.

 

Bill

[martin_wynne]

Hi Mike,

 

You have probably cleared you History cache but not your cookies.

 

The problem is that your browser is returning the wrong cookie to the server. This is usually because you have duplicate cookies -- two cookies with the same name -- when you should have only one. The browser returns the wrong one. This problem can arise if there is an internet break at the very moment when the site is setting the cookie.

 

Have a look in your cookie list, enter rmweb.co.uk in the Search box, and see if there are two with the same name. Delete both of them.

 

regards,

 

Martin.

[Kenton]

 

Cache duly cleared out

Pretty certain it is a cookie problem. Did you delete them too? There aren't half an awful lot of them 14 at the last count! Goodness knows why .... Ah yes I forgot ... IPB

 

Oh and do log off correctly prior to doing it as your login state is probably duplicated in the database somewhere. So the server is getting confused. It thinks you are logged in but the cookie sent indicates otherwise (or some combination of that).

[The Stationmaster]

Thanks for all the advice - I wonder where the cookies live in Safari?  Right - look somewhere different from the place the help page tells you to look and it can be found.  The only rmweb cookie I can find has been deleted.

 

However I seemed to come back in ok anyway after closing the window and I had been logged off anyway;  I only had 1 rmweb cookie in the list so it might not just be a conflict of cookies?

 

My fingers are crossed - firmly.

[The Stationmaster]

And then it happened again - made the above post, clicked on VNC, and was tipped off again.  So I've had another go at clearing the cookie, emptying the cache, this time closing safari completely before coming back - and was required to sign in,  I then clicked on 'Forums then looked for this thread, clicked VNC and was again tipped out so had to sign in again before getting to this off my favourites list.

 

After posting I shall try clicking VNC in order to see what is happening.

[Kenton]

Does anyone know if Safari (a browser I am not familiar with) can be set to selectively block cookies (as Mozilla can with certain addons) I think there are two specific cookies involved with login

 

member_id : a permanent cookie which is set to expire 1 year from last action

pass_hash : a permanent cookie set to expire 1 week from last action

 

There is also a separate session cookie (typical of a php session (though really shouldn't be used and not necessary)

 

cookiemonster,

ipsconnect_24f0346a8896e8e4b0cb5874174ca5af,

mqtids,

rteStatus,

are among the others, and a group of phpbb3_xxxx named cookies (which could be a hang over from older rmweb and just poor cleanup by the lazy programmers. (surprise surprise)

[The Stationmaster]

And then it happened again - made the above post, clicked on VNC, and was tipped off again.  So I've had another go at clearing the cookie, emptying the cache, this time closing safari completely before coming back - and was required to sign in,  I then clicked on 'Forums then looked for this thread, clicked VNC and was again tipped out so had to sign in again before getting to this off my favourites list.

 

After posting I shall try clicking VNC in order to see what is happening.

 

So far it has worked ok (dangerous words I realise) but I have been back on the VNC path 3 times without a problem

 

Does anyone know if Safari (a browser I am not familiar with) can be set to selectively block cookies (as Mozilla can with certain addons) I think there are two specific cookies involved with login

 

 

 

Very limited blocking is possible but all the cookies seem to be just shown by website name with no further information about their form or purpose, selective removal is a simple task and cookies are listed in alphabetical order by website name.

[BR60103]

I've mentioned this before. I had one place that I travelled to where I had the same problem.  When I returned home, the site worked perfectly. I didn't really do anything to fix it.

[Miss Prism]

Getting logged out after a short time, typically 2 min, is not unknown when using Safari with phpBB boards. What is known is that a combination of factors (browser, intervening network, and board) can contribute to the problem, i.e. it is not certain the problem is wholly cookie related. Browsers other than Safari do not seem to have the same problem. Where ISPs run connections through a shared pool, the IP identities, as presented to a board, can change through a session. Relaxing the requirements for IP checking at the board end usually helps the situation.

 

What is odd in this case is that Mike has only recently experienced this before in respect of this IP Board software, so maybe board software updates and/or browser updates are further contributory factors.

[martin_wynne]

Where ISPs run connections through a shared pool, the IP identities, as presented to a board, can change through a session. Relaxing the requirements for IP checking at the board end usually helps the situation.

 

Hi MP,

 

That would surely affect all browsers?

 

My ISP regularly changes the IP -- I usually notice it as the internet connection drops out for a few seconds. But it has never affected my use of RMweb, where I remain logged in for weeks on end unless I actively choose to log out. I don't think IPB uses IPs to maintain logins.

 

From my own experience of running a board (Templot Club) I'm convinced the problem is caused by multiple same-name cookies, although I don't know much about Safari. The board repeatedly updates one of them on each login, but the browser keeps returning the other one. Deleting both (or all if several) and then logging in always solves it.

 

regards,

 

Martin.

[Kenton]

 

I don't think IPB uses IPs to maintain logins.

 

But it is using the default PHP session cookie for some reason (checking client ip consistency for example) If the server has lost that info then it will be different when it returns. It has no need for this and it should be deleted - just as everything else in all those other cookies and called from the database members table.

 

It is also bad form naming cookies such as member_id and pass_hash as their content could be intercepted (I accept pass_hash is encrypted) but usual practice is to combine all data like this in one cookie and then encrypt that. The process of encrypting and decrypting takes a minuscule fraction of processing time (so does retrieving the other 13 cookies) but the additional level of security is worth it. It is also tidy programming (OK not what IPB are capable of).

[Miss Prism]

Thanks Martin, and yes, I agree that in principle the problem should affect all browsers, but Safari does seem to be particularly fussy - deleting cached cookies and then logging in does not appear to solve Safari's inability to return the repeatedly updated board cookie on that subsequent login. But I stress I'm clutching at straws here!

[martin_wynne]

Hi Kenton,

 

I don't see how yet another bash at IPS helps Mike to solve his problem?

 

Despite all the junk IPS code RMweb is actually working very well these days, with over 20,000 member entries. We are where we are.

 

Martin.

[Kenton]

Just to add to the info:

 

Logged out (Firefox), closed browser and cleared cookies.

opened browser and visited site as non-member

Result 2 cookies: "session_id" and "cookiemonster"

Logged in again and now 6 cookies: "session_id" and "cookiemonster" plus the "member_id", "pass_hash", "ipsconnect_xxxx" and a new one "coppa" (session).

 

I appear to have lost the "phpbb3_" group and the "mqtids" and "rteStatus" but these may well return over time as they may be specific to modules within IPB, or simply left over from poor maintenance by programmers when an "upgrade" took place.

[Kenton]

 

I don't see how yet another bash at IPS helps Mike to solve his problem?

 

Despite all the junk IPS code RMweb is actually working very well these days, with over 20,000 member entries. We are where we are.

 

Martin.

Point taken - but just trying to understand why this fault is happening (and keeps coming back to bite) which appears to be related to the cookies and I suspect the sheer abundance of them. I found Mike's comment that there was only one cookie in Safari somewhat puzzling as there are several, each presumably doing something IPB thinks is essential.

 

Leaving it up to users to tidy up and delete cookies is simply poor practice as most probably wouldn't have a clue how to do it and certainly would assume that they have no need to know.

 

Sure naming these cookies does nothing for Mike - but I would hope that there is something going on behind the scenes with IPB investigating why this is happening - listing the cookies should enable a simple trace through the code to identify which modules are at fault and patching it.

 

This is not always a Safari issue - I have had it in the past with Firefox (but know the remedy is to logoff and clear out the cookies)

 

I will agree that the site is running much more smoothly at the moment - but I doubt this has much to do with IPB but a lot more to do with the investment in a good host.

[The Stationmaster]

Gentlemen,

 

Many thanks for your continued interest and comments.  

 

For your information the recent history is as follows -

1. I normally stay logged in but logged out prior to going away last Wednesday.

2. I logged back in on Monday but interestingly I typed my user name wholly in lower case;  I had no problems - and remained logged in until last night's 'entertainment'.

3.  Last night's history you have above.

[Miss Prism]

I found Mike's comment that there was only one cookie in Safari somewhat puzzling as there are several, each presumably doing something IPB thinks is essential.

 

I think Safari does not provide a listing of the set of cookies. It presents the set as 'one'.

[martin_wynne]

Point taken - but just trying to understand why this fault is happening (and keeps coming back to bite) which appears to be related to the cookies and I suspect the sheer abundance of them.

 

Hi Kenton,

 

Yes, but it's not unique to RMweb or IPB. On many forums you will find members posting exactly the same problem as Mike -- "it was fine, but now it keeps logging me out". Ask any board owner using any of the popular forum softwares.

 

I don't know why browsers (or at least Firefox) don't have a function to detect duplicate same-name cookies and do something about them. And I'm not clear how they get created. But I know that deleting them always fixes the problem.

 

At one time, users mixing up the URL with and without the www subdomain could cause similar problems -- you could be logged in on one and not the other. But I haven't seen that problem for a while now.

 

But Mike, if you are still having problems, try logging in on http://www.rmweb.co.uk and http://rmweb.co.uk , and see if it makes any difference.

 

p.s. Andy -- you haven't yet claimed your right to register rmweb.uk (i.e. without the .co part). You have 5 years to do it (before someone else can) but I predict it will become the norm quite quickly. The .uk domains were introduced on 10th June.

 

regards,

 

Martin.

[buffalo]

I think Safari does not provide a listing of the set of cookies. It presents the set as 'one'.

 

That's certainly the case with my copy (v5.1.10) on an equally outdated OSX v10.6.8. Preferences/Privacy/Details just gives a list of sites, each with a note of whether cookies, cache, local storage, plugins, etc are used. The only options are to delete everything for a single site or delete all.

 

Yet some folk wonder why I use Firefox by default on my Mac, PC and Linux boxes...

 

Nick

[Miss Prism]

p.s. Andy -- you haven't yet claimed your right to register rmweb.uk (i.e. without the .co part). You have 5 years to do it (before someone else can) but I predict it will become the norm quite quickly. The .uk domains were introduced on 10th June.

 

Does that mean that Andy would have to pay for the rmweb.uk domain, or would it be free under the 'right to register'?

 

Not sure I see the attraction of the rmweb.uk domain though - what would be the point in using it?

[Kenton]

Martin - a bit of history - the IPB software used to produce cookies with both (www.rmweb.co.uk) and (.rmweb.co.uk) in the cookie's host field. A few with sub-directory in the cookie's path field. This has at least been tidied up now, as I could only find (.rmweb.co.uk) host This may have been part of the problem in the past?

 

I see the "mqtids" cookie is now back, so 7 and counting.

 

 

Not sure I see the attraction of the rmweb.uk domain though - what would be the point in using it?

Prevents some opposition posting a ME2 site (or far worse) and confusing users. Many folk mistype a url and it is so easy to leave off the '.co' ... it is not that it costs much to hold the new domain and simply point it to the true site.