Author Topic: Weird Session Behavior  (Read 590 times)

Offline pj

  • Learning.
  • Technical Guild
  • Evaluator
  • *****
  • Posts: 14179
  • We are made of such stuff as dreams are made of.
Weird Session Behavior
« on: May 23, 2008, 07:01:42 AM »
This thread is to document attempts at tracking down and resolving the sessions issue that we are experiencing right now.

The behavior:
Once logged in, following links to other board locations where the cookie should still have you logged in will often lead you to a guest view rather than a logged-in view.  Log-in can be achieved with any username and any random password, but will bring you back to your own logged-in identity, so it poses no security risk.

It is unknown at this point when this behavior actually started.   It could have something to do with the installed Chat node, as the timing seems to coincide.  It may be an issue with SMF 1.1.5.  It could also be an issue specific to only one browser.  None of these possibilities has yet been explored.

It is pretty certain the the problem has to do with cookie usage in some way, as persistent cookies are how the system remembers login status between sessions.
What truly matters is not built of right and wrong; but of grace, and of love.

--pj

Offline pj

  • Learning.
  • Technical Guild
  • Evaluator
  • *****
  • Posts: 14179
  • We are made of such stuff as dreams are made of.
Re: Weird Session Behavior
« Reply #1 on: May 23, 2008, 08:53:17 AM »
I just found I can hit the 'login' button without typing anything at all in the ID or password slot and end up logged back in.

I'm using FireFox 2.0.0.14

About to check using IE.

The behavior seems specific to FireFox.

Now... when did the last up date come out?
What truly matters is not built of right and wrong; but of grace, and of love.

--pj

Offline pj

  • Learning.
  • Technical Guild
  • Evaluator
  • *****
  • Posts: 14179
  • We are made of such stuff as dreams are made of.
Re: Weird Session Behavior
« Reply #2 on: May 25, 2008, 08:32:10 AM »
Enabling "local storage of cookies" makes no difference.
What truly matters is not built of right and wrong; but of grace, and of love.

--pj

Offline pj

  • Learning.
  • Technical Guild
  • Evaluator
  • *****
  • Posts: 14179
  • We are made of such stuff as dreams are made of.
Re: Weird Session Behavior
« Reply #3 on: May 25, 2008, 07:20:54 PM »
Truly irritating.  The mod for the chat inclusion doesn't have an uninstall, so I can't easily test by removing it from a test site.

And anybody running Firefox can't even follow links inside the forum right now - it just dumps to a login screen and from there to the main index.
What truly matters is not built of right and wrong; but of grace, and of love.

--pj

Offline Raklet

  • Technical Guild
  • Evaluator
  • *****
  • Posts: 1129
Re: Weird Session Behavior
« Reply #4 on: May 28, 2008, 12:11:58 PM »
All of the people at SMF indicate that local cookie storage should be turned off. 

This problem was fixed by turning on "subdomain independent cookies" and clearing the cache and cookies of Firefox.