Why do I have to keep logging in so often?

Any problems with the site? How can we improve KVR?
RELATED
PRODUCTS

Post

nm

Post

Nielzie wrote:It´s the goddamn cookie. Kill it. Delete it. Eat it.
Nope, I don't think so. I've replaced the cookies and the behavior continues. If it's the cookie, then it's how the site is using them and is something the site admin must fix. Deleting the cookies just makes the user have to log in again anyway. Delete or not, I still have to log in repeatedly. "Keep me logged in" does not work.
- dysamoria.com
my music @ SoundCloud

Post

OK, so I got enough of having to log in again. Pattern: it only happened on my Android mobile, not on regular PCs on which I use regular browsers such as Chrome. But Chrome sucks on my mobile, there I use Dolphin. So I figured it had to be the Dolphin browser causing this.

So I switched to Opera on Android: no problem since !!
Jace-BeOS wrote:I still have to log in repeatedly. "Keep me logged in" does not work.
What type of device, and which browser is this?
We are the KVR collective. Resistance is futile. You will be assimilated. Image
My MusicCalc is served over https!!

Post

Happened on both Android Chrome and iPhone Safari with me

Post

I'm using an iPad and iPhone with iOS 9.3.5. Safari only.
- dysamoria.com
my music @ SoundCloud

Post

Happens to me on desktop firefox & deleting cookies does fix the problem for a while it seems

Post

Lately my laptop seems to get thrown out every time I change IP (at least I think it's IP as it happens when directly jumping from one network to another, fast enough that session timeout can't be a problem)... and since this is a laptop that keeps moving from one network to another depending on my physical location, it happens quite a bit. It's really annoying.

edit: it seems that if I login on network A, change to network B (another IP), I have to login again, but if I then change back to network A within a short time, it still works.. which would seem to indicate that I can have two sessions open in the same browser?

Post

Same annoying thing here. When it happens it's usually when i use a web-link from a KVR email.

It doesn't happen every time when i use a link like that, but when it happens it looks like i always used a email web-link right before i notice i'm logged out again. When i only make use of my Firefox bookmarks i never noticed it.

It just happened again: on one tab of my browser i'm visually still logged in (@ KVR Deals) and at another tab (opened from an email web-link: Voxengo Winter Holidays 2017-2018 Discount) i'm suddenly logged out.

Maybe it's coincidence, but when it happens this often (1-3 times a week) i more and more start to believe it is related to this annoying behaviour.

Does anyone experience the same thing?
I'm also wondering if there are people who never get logged out once they're logged in?

It would be nice if this could be fixed once and for all.

Post

I just wasted over an hour typing out a thread and lost it when I tried to login, going back in the history didn't work. It's so annoying arrrg.... :x
KVR S1-Thread | The Intrancersonic-Design Source > Program Resource | Studio One Resource | Music Gallery | 2D / 3D Sci-fi Art | GUI Projects | Animations | Photography | Film Docs | 80's Cartoons | Games | Music Hardware |

Post

I'm experiencing the same issue here, Firefox, Windows 10. Never used to have to login this often and now it's at least a few times a week.

Post

Yeah, I constantly have to relogin, why? Chrome PC here

Post

mystran wrote: Tue Mar 14, 2017 10:12 pm Lately my laptop seems to get thrown out every time I change IP (at least I think it's IP as it happens when directly jumping from one network to another, fast enough that session timeout can't be a problem)... and since this is a laptop that keeps moving from one network to another depending on my physical location, it happens quite a bit. It's really annoying.

edit: it seems that if I login on network A, change to network B (another IP), I have to login again, but if I then change back to network A within a short time, it still works.. which would seem to indicate that I can have two sessions open in the same browser?
It would make sense for the cookie to contain amongst other data the session ID key hash, which should depend upon your IP address as seen by the server during log-in. This would make it impossible for a man-in-the-middle attack to impersonate you from a different IP which is overall much better. The key exchange process needs to occur every time some element of the key itself such as your IP address changes to ensure any semblance of security.

I would also hope that the implementation is sensible enough to discard any past session when starting a new one. So if you for example start on network A, do key exchange, switch to network B. Session A should no longer function on network B, switching to network A should function. If you recommit to a session B on network B by providing another new key exchange, the session A key should be discarded by the server such that once you're logged in to session B, session A is no longer valid even after switching back to the original address. It may be that session A will still function until the server checks the session key again which will end the session. Any operations which occur in session A during the period after the session key has become invalidated may be rolled back or the server may always re-check the session key before committing anything.

We're talking about foundational threshold level security mechanisms here not even considering all the bots and DDOS attacks internet facing servers deal with.
Last edited by aciddose on Tue Mar 11, 2025 1:21 pm, edited 1 time in total.
Free plug-ins for Windows, MacOS and Linux. Xhip Synthesizer v8.0 and Xhip Effects Bundle v6.7.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.

Post

IP-bound is a terrible idea

Post

kujoi wrote: Tue Mar 11, 2025 1:21 pm IP-bound is a terrible idea
It wouldn't in that sense be only IP-bound, but it would also be bound to the IP in addition to the other security factors at play. This should all be core PhpBB3 implementation details for the most part. My concern is whether any data can be committed during the period after a session key has been invalidated which may be a serious security flaw. I doubt any client-to-server commits do occur without a valid session key but security leakage server-to-client would be potentially equally as concerning. The session may continue due to optimization before ultimately ending but the castle guard shouldn't have their pants around their ankles like that.
Free plug-ins for Windows, MacOS and Linux. Xhip Synthesizer v8.0 and Xhip Effects Bundle v6.7.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.

Post

For example say you have identified the accounts authorized to post news updates for corporation X. You gain access to a session key using a trojan on Corp X's laptop and this allows you to read in the data from the draft before it is officially published. Things like this aren't as important as missing plutonium, but, the systems need to be in place to securely handle those things without allowing data leaks to third parties.
Free plug-ins for Windows, MacOS and Linux. Xhip Synthesizer v8.0 and Xhip Effects Bundle v6.7.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.

Post Reply

Return to “Site Stuff”