Graham Bloice Posted July 15, 2009 Share Posted July 15, 2009 I've noticed that whenever I visit the site from a different computer I'm not logged in to the site even though I've checked the "remain logged in" checkbox. Is this by design and if so to what end? Quote Link to comment Share on other sites More sharing options...
Fog Dart Posted July 15, 2009 Share Posted July 15, 2009 Something to do with 'cookies' i believe.... The browser on your computer will save your information, but wont on other computers unless you have also ticked the box when using other computers. Im sure someone more technically minded will be along shortly to tell me im wrong! Quote Link to comment Share on other sites More sharing options...
Former Member Posted July 15, 2009 Share Posted July 15, 2009 [This posting has been removed] Quote Link to comment Share on other sites More sharing options...
Nobby159 Posted July 15, 2009 Share Posted July 15, 2009 Think Fog Darts hit the nail, I have noticed if you clear your cookies then revisit a site you were logged into you have to log in again, if you catch my drift Edited By Nobby159 on 15/07/2009 22:05:16 Quote Link to comment Share on other sites More sharing options...
Chris Card Posted July 16, 2009 Share Posted July 16, 2009 Just to be clear, this is not to do with inactivity, or failing to tick the "remember me" box. I have exactly the same trouble as Graham - if I subsequently visit the forum using a different PC I am logged out by default. This is even though my last visit to the forum from that PC was logged in with "remember me" ticked. It's somewhat annoying as I seldom visit the forum twice in a row from the same PC but rather alternate between 2 or 3 PCs, using each in turn. It's just the way it works out. It means in practice I have to log in on each visit despite always ticking the "remember me" box. Ultimately it means I tire of entering my details all the time and I seldom log in but rather browse as a guest most of the time. As a result I'm discouraged from posting as I know I need to jump through the extra hoop of logging in, so I can post a comment. Quote Link to comment Share on other sites More sharing options...
Tim Mackey Posted July 16, 2009 Share Posted July 16, 2009 Happens to me too I am afraid . I will pass this on to our tech guys, who may be bale to help. ( inserts fingers crossed icon here ) Quote Link to comment Share on other sites More sharing options...
Doug Ireland Posted July 16, 2009 Share Posted July 16, 2009 Yep, me too. Although there's no point me trying to use the site from my company network as all pictures within forum posts are blocked by our server. Something to do with Photo-bucket and U-tube being considered as an "external storage device" and therefore verboten Quote Link to comment Share on other sites More sharing options...
Tim Mackey Posted July 16, 2009 Share Posted July 16, 2009 Right, had a rather long and technical reply from our techy guru, which as yet, I have not digested and understood, but here it is. Good luck. The server has a 20 minute session timeout, which is the standard. If someone is on the same page and does nothing for 20 minutes then their session will be abandoned (timeout) and theyll have to log in again. There is the "remember me" thing which puts a little cookie on the computer. It links the web browser and server together and will allow seamless re-authentication. But it wont always work... Let me explain. There are 2 types of website cookies: session cookies, which die as soon as the browser is closed, or persistent cookies, which are written to the computer's hard drive and remain on the computer until they're either manually deleted or they expire. The "remember me" function sets a persistent cookie with a 2 week expiry date (the expiry date is always moved forwards by 2 weeks on every subsequent visit, so as long as someone keeps logging in at least once a fortnight the cookie will never expire). So to summarise the cookie, it will Break if: 1. You log in using a different computer 2. You log in using a different browser on the same computer 3. You click logout 4. You let the cookie expire by not accessing the site for 2 weeks On some browsers (namely Safari in my testing) cookies are not made "persistent" until the browser is quit and re-opened (it seems cookies are stored in a text file, and the text file is written out only when the browser is Quit) and so if they tick "remember me" but then still allow a 20 minute downtime to occur, the cookie will never be permanently stored. The best way to set the cookie is to: 1. Log out of the website (if already logged in) 2. Log into the website ticking "remember me" 3. Quit the browser (closing ALL browser windows) 4. Re-launch the browser and go to the site and you should be automatically logged in Some people might have different cookie settings though, forbidding the creation of persistent cookies or having some configuration setting that regularly sweeps them away, and this will prevent the "remember me" from working properly. If the cookies are accepted by the browser they will be visible when viewing cookies in the browsers preferences page. In Safari for the Mac, with the remember me tick box ticked, here are the cookies: Specifically here there are 2 cookies StoredCID and StoredSID and these 2 cookies are used to control the login. The StoredCID cookie is always stored in the browser and is used for various tracking purposes. The StoredSID cookie is the one which is only set when remember me is ticked. So, as long as those cookies are there, then the auto login should work. If the cookie is NOT there, them something went wrong when the cookie was being set. But this is a local browser/security issue and not something which is the fault of the website or something which I have control over. Hope that helps some of you... I did say it was bit long and tecchy Quote Link to comment Share on other sites More sharing options...
Former Member Posted July 16, 2009 Share Posted July 16, 2009 [This posting has been removed] Quote Link to comment Share on other sites More sharing options...
Graham Bloice Posted July 16, 2009 Author Share Posted July 16, 2009 I presume the website is generating a new StoredSID then each time I login with "Remember Me" checked, rather than reusing any existing one, e.g. I login with PC A and get an SSID of aaa. The website also remembers aaa against my account. I then visit the site on PC B, the website asks for the SSID but gets nothing so asks me to login. I login with "Remember Me" and get a new SSID of bbb which is associated with my account rather than reusing the aaa SSID which is stored on PC A. Thus when I visit again with PC A, the website queries for the SSID and gets aaa which it no longer recognises as connected to my account and asks me to login again, and this gives me a new SSID of ccc, and ad infinitum. For Eric, all logging out does is clear any "login" cookie on that machine for the account you are logging out from. This only prevents someone opening up your browser on your PC and visiting sites that you are still logged with. If you are the only user of your PC then you are probably safe enough, but if it is a shared PC then you should logout from sites. Quote Link to comment Share on other sites More sharing options...
Graham Bloice Posted July 27, 2009 Author Share Posted July 27, 2009 I'd just like to point out as well that plenty of other websites manage to keep me logged in when using different computers, e.g. RC Groups. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.