Logout, followed by immediate Login, access SOMETIMES....

Straight_Man Geeky, in my own way Naples, FL Icrontian
edited June 2004 in Community
I have been having trouble with logout-login.

Logout wipes your local cookie on your remote computer, and wipes all of them.
If one then logs in from the main page, after going there, login works. IF, OTOH, one logs in from a page reached through the login module displayed dialog that comes up after you have logged out when you try to post to threads without having logged in on main page (by clicking the link to show previous page), you get a cookie sent but you get no authentication.

The only workaround I can find is to do this:

Instead of trying to go back to the previous page after a login from the secondary auth page, click on "Short Media Forums" text link up on top of page. This takes you to home page, site then logs you in and reads new cookie. The ancillary login process is not reading the new cookie sent before letting you resume, though the login succeeds as to dialog given when you do login.

Just wanted users who are new to understand that this is broken, and for the admin\coders to know what gets sent. I would PM this, but want new users to know cookies do get wiped when you logout, and there is a code bug in vBulletin that lets this happen.

One simple site fix would be to remove the "go to previous page link" and make users go to a home page display and get a new session cookie as home page entry is processed, it looks like this site is using multiple cookies, one for session tracking, one for authentication. Pure authentication happens, session cookie is not being rewritten to home page URL when new auth cookie is sent. If a remote user manually goes to the home page URL, with click on the "Short Media Forums" hyperlink still on the page, new session cookie is sent, location home page URL, and session happens normally thereafter.

Destroying auth cookie and not session cookie would possibly fix this also as previous session cookie might be usable with new auth cookie depending on how they are interlinked in content but I cannot get that to happen as user easily as all cookies are wiped by default on logout.

Been trying to explain what happened several ways, figured this might help explain.

One does not have to logout to get server to timeout connection on its end, and if a user logs in on main page or closes session and reenters site from main page and logs on there instead of trying to resume a session after logout, the whole site feed authorization and session cookie send or update happens smoothly. So, unless you have access problems with existing cookies or clear your cookies in browser, you should never need to logout of site, just close browser or go to another page, come back to http://www.short-media.com/forum/ and log in in login box at upper right side of main page. I have been trying to figure out what happens when you use the option to go back to previous page from the login acknowledgement screen you get when you either login wrong after having cleared too many cookies accidentally while cleaning out adware cookies, or clear all cookies, which I do from time to time also. Changing between two-three O\Ss for browsing does not help much either, I am looking at a bunch and frequently install or upgrade both *nix or Windows, and have more than one legal Windows version able to be cold-swapped in to model things users want to fix.

I am not bitching, just documenting here, and telling how to work around it, what will work and what does not work-- since this is the feedback area and folks look here when they want to see what is up, figure this will get read. Basically, if session cookie were not cleared on logout and could be used with new auth cookie, at least the site would not tell user after telling them they were logged in that they did not have access rights to read, post, or view pages if they click go to previous page link on login acknowledgement screen after having logged out and not reentered site at main page to get new session cookie so site knows where to go with the "go back to previous page" link.

TRY NOT to use logout function. If the logout button were labelled-- "Clear My Cookies" instead, users would get less frustrated. Also, if a user forgets to login, and tries, if cookies have been cleared in browser to get rid of cookies some sites (not this one) use to track you later and feed ads, this happens and fix is same, go only to main home forum listing page and do not try to go back to post immediately if you have cleared your cookies either by logging off or by clearing cookies in browser, until this can be fixed in code.


I do not think this is urgent except to prevent what is not working from happening.

Comments

  • mmonnin Centreville, VA
    edited June 2004
    Back in record time.

    :rolleyes2
  • Linc Owner Detroit Icrontian
    edited June 2004
    John, we've been through this before. Logout is supposed to clear all your cookies, just like it does on almost every other forum on the internet. Otherwise, any other person to use the same machine would be able to return to the site and use your account, which would defeat the purpose of logging out. To kill your session, just close your browser.
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited June 2004
    Right. BUT, when one uses the secondary login screen that is not supposed to give you a situation where after it says you are logged in you have the next screen saying you do not have access if you are trying to continue and not restart from home page to refind the post you want to reply to. There are too many ways that users can get to that screen without also logging out, and they are told as easiest thing to do to get rid of tracking cookies is to clear cookies in browser, by most browser publisher tech support folks.

    It's not that site is not supposed to delete cookies when you logout, it is that users do not know NOT to logout, and do not know that clearing cookies results in a situation where you get denied access after a login screen that comes up when they try to post and then has no session cookie to revise and tells you are logged in and then denies access that is the problem.

    Some users are told to logout when done, at workplace, so they logout routinely, and do not understand when the site SAYS they are logged in and then says they cannot post or anything else. Workaround is to login, get new cookie, then suspend session, start a new one either explicitly or implicitly by going to home page for forum, or force new session by going to main forum page.

    Stop assuming title has only relevant info, please, all of you-- title entry box is not long enough for this kind of problem. I am trying to doc how what has happened to me 50+ times is happening, and I care enough to try-- because it can happen and does after folks are told to clear their cookies also, FREQUENTLY, by help desk folks. Or when a new browser is installed, with NO cookies present and a user forgets password, is at work looking in and wants to say one thing, password record is at home, etc. Title was logout, IMMEDIATE login works sometimes, and in fact LOGIN after logout or cookies clearing only works if you go back to the main page once after getting all cookies wiped-- after that, session cookie is updated if user is not at a public or work computer and HAS the cookie on the computer that they are doing site entry from. Experienced users know that, those used to domains and being told to logout do not. It is a FAQ thing and I was trying to doc how in fact I get this behavior from my end and what makes it happen, as best as I can. SO IT COULD BE PREVENTED from happening. NOT to criticize for criticism's SAKE. Capishe??? Understand??? AND because I am not a mod or admin AND DO CARE, I wanted to put up something that someone could use to figure out why these things happened AND how to get them to not happen for them and how to not get the APPARENT (from what user sees on his end in sequence of getting a thank you for logging in and then a "you do not have access" screen) login failure behavior that is happening to stop.
  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited June 2004
    I tried 2 different browsers and 4 methods of login/logout (forum/forum, forum/front, front/front, front/forum) and can't duplicate the problem.
  • MediaMan Powered by loose parts.
    edited June 2004
    John_D

    You are wrong. Login works via the main page, via the top login dialog box at the top of a thread...any thread and via replying to a thread. I logged out each time before attempting the successful login. At no time were cookies other than SHORT-MEDIA affected. A second set of tests were performed clearing internet history, cache and cookies and following direct links into the site.

    Again...no problem.

    John_D,

    This may be a problem with your browser. I hope I've interpreted your alleged problem correctly. I had to re-read your post a few times in an attempt to decipher it.
  • Linc Owner Detroit Icrontian
    edited June 2004
    I came to the same conclusion. Also, I don't think anyone is confused in any way about the login/logout procedure, what the logout button does, or when it is appropriate to use it.
  • Tex Dallas/Ft. Worth
    edited June 2004
    Note to self... Must locate the S-M equivalent of the old Icrontic "ignore" button... They surely have one and it's time to find that rascal for the first time
  • edited June 2004
    one thing i have noticed is that if you come to short-media forums and you are not logged in, you get automatically redirected to the login form... not sure if john said that...