Why do I have to keep logging in so often?
- KVRAF
- Topic Starter
- 6113 posts since 7 Jan, 2005 from Corporate States of America
Nope, I don't think so. I've replaced the cookies and the behavior continues. If it's the cookie, then it's how the site is using them and is something the site admin must fix. Deleting the cookies just makes the user have to log in again anyway. Delete or not, I still have to log in repeatedly. "Keep me logged in" does not work.Nielzie wrote:It´s the goddamn cookie. Kill it. Delete it. Eat it.
- dysamoria.com
my music @ SoundCloud
my music @ SoundCloud
- KVRAF
- 16857 posts since 8 Mar, 2005 from Utrecht, Holland
OK, so I got enough of having to log in again. Pattern: it only happened on my Android mobile, not on regular PCs on which I use regular browsers such as Chrome. But Chrome sucks on my mobile, there I use Dolphin. So I figured it had to be the Dolphin browser causing this.
So I switched to Opera on Android: no problem since !!
So I switched to Opera on Android: no problem since !!
What type of device, and which browser is this?Jace-BeOS wrote:I still have to log in repeatedly. "Keep me logged in" does not work.
We are the KVR collective. Resistance is futile. You will be assimilated. 
My MusicCalc is served over https!!
My MusicCalc is served over https!!
- KVRAF
- 10163 posts since 16 Dec, 2002
Happened on both Android Chrome and iPhone Safari with me
- KVRAF
- Topic Starter
- 6113 posts since 7 Jan, 2005 from Corporate States of America
- KVRAF
- 8503 posts since 12 Feb, 2006 from Helsinki, Finland
Lately my laptop seems to get thrown out every time I change IP (at least I think it's IP as it happens when directly jumping from one network to another, fast enough that session timeout can't be a problem)... and since this is a laptop that keeps moving from one network to another depending on my physical location, it happens quite a bit. It's really annoying.
edit: it seems that if I login on network A, change to network B (another IP), I have to login again, but if I then change back to network A within a short time, it still works.. which would seem to indicate that I can have two sessions open in the same browser?
edit: it seems that if I login on network A, change to network B (another IP), I have to login again, but if I then change back to network A within a short time, it still works.. which would seem to indicate that I can have two sessions open in the same browser?
-
- KVRer
- 11 posts since 23 Apr, 2017
Same annoying thing here. When it happens it's usually when i use a web-link from a KVR email.
It doesn't happen every time when i use a link like that, but when it happens it looks like i always used a email web-link right before i notice i'm logged out again. When i only make use of my Firefox bookmarks i never noticed it.
It just happened again: on one tab of my browser i'm visually still logged in (@ KVR Deals) and at another tab (opened from an email web-link: Voxengo Winter Holidays 2017-2018 Discount) i'm suddenly logged out.
Maybe it's coincidence, but when it happens this often (1-3 times a week) i more and more start to believe it is related to this annoying behaviour.
Does anyone experience the same thing?
I'm also wondering if there are people who never get logged out once they're logged in?
It would be nice if this could be fixed once and for all.
It doesn't happen every time when i use a link like that, but when it happens it looks like i always used a email web-link right before i notice i'm logged out again. When i only make use of my Firefox bookmarks i never noticed it.
It just happened again: on one tab of my browser i'm visually still logged in (@ KVR Deals) and at another tab (opened from an email web-link: Voxengo Winter Holidays 2017-2018 Discount) i'm suddenly logged out.
Maybe it's coincidence, but when it happens this often (1-3 times a week) i more and more start to believe it is related to this annoying behaviour.
Does anyone experience the same thing?
I'm also wondering if there are people who never get logged out once they're logged in?
It would be nice if this could be fixed once and for all.
-
- KVRAF
- 3496 posts since 30 Dec, 2014
I just wasted over an hour typing out a thread and lost it when I tried to login, going back in the history didn't work. It's so annoying arrrg.... 
KVR S1-Thread | The Intrancersonic-Design Source > Program Resource | Studio One Resource | Music Gallery | 2D / 3D Sci-fi Art | GUI Projects | Animations | Photography | Film Docs | 80's Cartoons | Games | Music Hardware |
-
- KVRist
- 84 posts since 30 Apr, 2002
I'm experiencing the same issue here, Firefox, Windows 10. Never used to have to login this often and now it's at least a few times a week.
- KVRAF
- 12615 posts since 7 Dec, 2004
It would make sense for the cookie to contain amongst other data the session ID key hash, which should depend upon your IP address as seen by the server during log-in. This would make it impossible for a man-in-the-middle attack to impersonate you from a different IP which is overall much better. The key exchange process needs to occur every time some element of the key itself such as your IP address changes to ensure any semblance of security.mystran wrote: Tue Mar 14, 2017 10:12 pm Lately my laptop seems to get thrown out every time I change IP (at least I think it's IP as it happens when directly jumping from one network to another, fast enough that session timeout can't be a problem)... and since this is a laptop that keeps moving from one network to another depending on my physical location, it happens quite a bit. It's really annoying.
edit: it seems that if I login on network A, change to network B (another IP), I have to login again, but if I then change back to network A within a short time, it still works.. which would seem to indicate that I can have two sessions open in the same browser?
I would also hope that the implementation is sensible enough to discard any past session when starting a new one. So if you for example start on network A, do key exchange, switch to network B. Session A should no longer function on network B, switching to network A should function. If you recommit to a session B on network B by providing another new key exchange, the session A key should be discarded by the server such that once you're logged in to session B, session A is no longer valid even after switching back to the original address. It may be that session A will still function until the server checks the session key again which will end the session. Any operations which occur in session A during the period after the session key has become invalidated may be rolled back or the server may always re-check the session key before committing anything.
We're talking about foundational threshold level security mechanisms here not even considering all the bots and DDOS attacks internet facing servers deal with.
Last edited by aciddose on Tue Mar 11, 2025 1:21 pm, edited 1 time in total.
Free plug-ins for Windows, MacOS and Linux. Xhip Synthesizer v8.0 and Xhip Effects Bundle v6.7.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.
- KVRAF
- 12615 posts since 7 Dec, 2004
It wouldn't in that sense be only IP-bound, but it would also be bound to the IP in addition to the other security factors at play. This should all be core PhpBB3 implementation details for the most part. My concern is whether any data can be committed during the period after a session key has been invalidated which may be a serious security flaw. I doubt any client-to-server commits do occur without a valid session key but security leakage server-to-client would be potentially equally as concerning. The session may continue due to optimization before ultimately ending but the castle guard shouldn't have their pants around their ankles like that.
Free plug-ins for Windows, MacOS and Linux. Xhip Synthesizer v8.0 and Xhip Effects Bundle v6.7.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.
- KVRAF
- 12615 posts since 7 Dec, 2004
For example say you have identified the accounts authorized to post news updates for corporation X. You gain access to a session key using a trojan on Corp X's laptop and this allows you to read in the data from the draft before it is officially published. Things like this aren't as important as missing plutonium, but, the systems need to be in place to securely handle those things without allowing data leaks to third parties.
Free plug-ins for Windows, MacOS and Linux. Xhip Synthesizer v8.0 and Xhip Effects Bundle v6.7.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.
