Why isn't it keeping me logged in?

 
Every time I close my browser I have to log in again, even though I checked the box that says to keep me logged on. What can be wrong? (this site does remember me, by the way)

edit: seems to be working now... I don't know what had happened...
[originally posted on jforum.net by manugarciac]
 
Well, it's definitely not working properly... It doesn't always keep me logged on... Check it out if you want: http://www.scorpsoft.com.ar/jforum-2.1.7-b3/

edit: I think I discovered the cause... If I enter via www.scorpsoft.com.ar and log in, it only keeps me logged in when I access again via the www address. However, if I enter via scorpsoft.com.ar it doesn't remember me. I don't know why it makes such a distinction though.
[originally posted on jforum.net by manugarciac]
 
There is a new jforum cookie created for each URL ... and only one of them can be set to auto-Login at a time.

Example1: cookie contents - autologins in with http://hurricane:8080/jforum URL:
www.hurricane FALSE / FALSE 1220905641 jforumUserHash b18e9175fdc01f31f67fc35f4b215ca1
www.hurricane FALSE / FALSE 1220905748 jforumAutoLogin null
www.hurricane FALSE / FALSE 1220905748 jforumUserId 1
hurricane FALSE / FALSE 1220905738 jforumUserHash ba317066e405c6f6760ce1fd35d22566
hurricane FALSE / FALSE 1220905738 jforumUserId 2
hurricane FALSE / FALSE 1220905738 jforumAutoLogin 1

Example2: cookie contents - login reset to the http://www.hurricane:8080/jforum URL:
www.hurricane FALSE / FALSE 1220906173 jforumAutoLogin 1
www.hurricane FALSE / FALSE 1220906173 jforumUserHash 61196d853517de27ed771f5b868551f8
www.hurricane FALSE / FALSE 1220906173 jforumUserId 2
hurricane FALSE / FALSE 1220906276 jforumUserId 1
hurricane FALSE / FALSE 1220906276 jforumAutoLogin null
hurricane FALSE / FALSE 1220905738 jforumUserHash ba317066e405c6f6760ce1fd35d22566

Note how the jforumAutoLogin null and 1 values get reversed between the two URLs in these examples after I reset the autologin for each URL.

[originally posted on jforum.net by GatorBait3]
 

manugarciac wrote:
edit: I think I discovered the cause... If I enter via www.scorpsoft.com.ar and log in, it only keeps me logged in when I access again via the www address. However, if I enter via scorpsoft.com.ar it doesn't remember me. I don't know why it makes such a distinction though.



This is not a jForum issue but rather a browser security issue. The specs define that cookies specify what host/url they apply to. So, when you log into www.scorpsoft.com, the cookie is for this host. scorpsoft.com is a different host, so your browser isn't sending the cookie to this host. And then jForum doesn't know who you are without the cookie.

FWIW, the specs do allow you to set a domain level cookie, but doing this is strongly discouraged because of a lot of tricks that hackers can play with domain level cookies.
[originally posted on jforum.net by monroe]
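
Added example, not part of the original thread and not JForum code: a small model of how a browser scopes cookies under RFC 6265, showing why a cookie set on www.scorpsoft.com.ar is not sent to scorpsoft.com.ar, what a domain-level cookie would expose instead, and a redirect to one canonical host that keeps the cookie host-only. The function names, the host other.scorpsoft.com.ar and the choice of the www name as canonical are assumptions made for illustration.

```javascript
// Added example (not JForum code): cookie scoping per RFC 6265.
// Host names not quoted in the thread are constructed.

// RFC 6265 section 5.1.3: identical, or the host ends with "." + domain
// (the suffix rule does not apply to IP addresses).
function domainMatch(host, domain) {
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// No Domain attribute: the cookie is host-only, bound to the exact host.
// With Domain: it covers that domain and every subdomain beneath it.
function storeCookie(requestHost, name, value, domainAttr) {
  const host = requestHost.toLowerCase();
  if (domainAttr === undefined) {
    return { name, value, domain: host, hostOnly: true };
  }
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  // A server can only set a Domain that its own host name falls under.
  return domainMatch(host, domain) ? { name, value, domain, hostOnly: false } : null;
}

// Would the browser attach this cookie to a request for requestHost?
function isSent(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Keep cookies host-only and redirect every other name to one canonical host,
// so login and later visits use the same host. Returns null if already there.
function canonicalRedirect(requestHost, path, canonicalOrigin) {
  const canonicalHost = new URL(canonicalOrigin).hostname;
  return requestHost.toLowerCase() === canonicalHost ? null : canonicalOrigin + path;
}

const hosts = ["www.scorpsoft.com.ar", "scorpsoft.com.ar", "other.scorpsoft.com.ar"];
const hostOnly = storeCookie("www.scorpsoft.com.ar", "jforumAutoLogin", "1");
const wide = storeCookie("www.scorpsoft.com.ar", "jforumAutoLogin", "1", "scorpsoft.com.ar");
for (const h of hosts) {
  console.log(h, "host-only:", isSent(hostOnly, h), "domain-level:", isSent(wide, h));
}
console.log(canonicalRedirect("scorpsoft.com.ar", "/jforum-2.1.7-b3/", "http://www.scorpsoft.com.ar"));
```

The domain-level cookie is attached to every host under scorpsoft.com.ar, so any application served from a sibling subdomain receives the auto-login values; the host-only cookie plus the redirect avoids that while still giving one consistent login.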
 