It is currently Sat Dec 16, 2017 4:25 am

All times are UTC - 7 hours





Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Mon Aug 26, 2013 6:27 am 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2983
Location: Tampere, Finland
Not sure what has happened, or if it's just me, but the forum now keeps logging me out daily (or so) even though I have checked the "Log me on automatically each visit" checkbox when logging in.

Earlier on I (practically) never had to log in manually after ticking the checkbox.

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Mon Aug 26, 2013 7:12 am 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19348
Location: NE Indiana, USA (NTSC)
Are you logging in and out on another device? On a lot of sites, if you click "log out", the site ends all active sessions associated with your user account.


Top
 Profile  
 
PostPosted: Mon Aug 26, 2013 7:35 am 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
1. Tepple's theory is sound/legitimate,

2. Sometimes this is caused by caching problems with one's browser, where certain cached pages and/or saved cookie data stop working. I've seen this in Firefox and IE over the years, so I would not be surprised if Chrome had similar issues. Clear everything and see if things improve,

3. Sometimes this is caused by issues server-side pertaining to PHP sessions, which on the new server are dropped into /tmp. The "garbage collector" (gc) may also periodically pick them up/nuke them, although the rate at which it does is fairly low (less aggressive than Parodius):

Code:
session

Session Support => enabled
Registered save handlers => files user
Registered serializer handlers => php php_binary

Directive => Local Value => Master Value
session.auto_start => Off => Off
session.bug_compat_42 => On => On
session.bug_compat_warn => On => On
session.cache_expire => 180 => 180
session.cache_limiter => nocache => nocache
session.cookie_domain => no value => no value
session.cookie_httponly => Off => Off
session.cookie_lifetime => 0 => 0
session.cookie_path => / => /
session.cookie_secure => Off => Off
session.entropy_file => no value => no value
session.entropy_length => 0 => 0
session.gc_divisor => 1000 => 1000
session.gc_maxlifetime => 1440 => 1440
session.gc_probability => 1 => 1
session.hash_bits_per_character => 5 => 5
session.hash_function => 0 => 0
session.name => PHPSESSID => PHPSESSID
session.referer_check => no value => no value
session.save_handler => files => files
session.save_path => /tmp => /tmp
session.serialize_handler => php => php
session.use_cookies => On => On
session.use_only_cookies => On => On
session.use_trans_sid => 0 => 0

Note to anyone looking at those and wanting to make some remark: say nothing until you go look at and fully read the PHP documentation for the settings in question.

4. This topic has come up more than once over the years. In most cases it has turned out to be certain user behaviour or oddities like those I've mentioned above,

5. Troubleshooting this is surprisingly difficult,

6. I haven't seen this problem even once, in all the years I've been using the site -- except for one situation: during the server migration/move, and that was easily explained (the FQDN associated with the site (thus cookie) changed, thus understandably confusing the hell out of browsers). However I only access the forum from one place (my home PC).


Top
 Profile  
 
PostPosted: Mon Aug 26, 2013 12:12 pm 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2983
Location: Tampere, Finland
tepples wrote:
Are you logging in and out on another device? On a lot of sites, if you click "log out", the site ends all active sessions associated with your user account.

Nope. And moreover, on phpBB that doesn't seem to be the case. And this has happened for several days, on many of which I've definitely not logged in from multiple devices.

koitsu wrote:
2. Sometimes this is caused by caching problems with one's browser, where certain cached pages and/or saved cookie data stop working. I've seen this in Firefox and IE over the years, so I would not be surprised if Chrome had similar issues. Clear everything and see if things improve,

Clearing all cookies from *nesdev.com domain(s) was the first thing I tried when this occurred. No luck.

I guess it might be caused by an update of Chrome. Or something. Anyway, it's not a huge deal. I just thought I'd post in case somebody else was seeing the same problem.

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Fri Aug 30, 2013 12:47 pm 
Offline
User avatar

Joined: Sat Jan 22, 2005 8:51 am
Posts: 427
Location: Chicago, IL
This is happening to me too. It first started a few days ago (I think the same day that thefox reported it), on both my PC and iPhone. Since then, it's happened a couple of times on my PC, but my iPhone has stayed logged on.

I'm using Safari on my iPhone, iOS 6.1.4, and Chrome 29.0.1547.62 m on my PC.

_________________
get nemulator
http://nemulator.com


Top
 Profile  
 
PostPosted: Sat Aug 31, 2013 1:22 am 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2983
Location: Tampere, Finland
Funny thing. It logged me out again (= displayed the username/password/login fields), but in the "Who is online" block it still displayed: Registered users: bazz, Bing [Bot], Google [Bot], thefox

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Sat Aug 31, 2013 11:57 pm 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2983
Location: Tampere, Finland
And some more debugging info. Today, I took a look at the cookies before opening this site:
Code:
Name:   phpbb3_6cazq_k
Content:   cde33d44[censored]
Domain:   .forums.nesdev.com
Path:   /
Send for:   Any kind of connection
Accessible to script:   No (HttpOnly)
Created:   Saturday, August 31, 2013 11:10:50 PM
Expires:   Sunday, August 31, 2014 11:10:50 PM

Name:   phpbb3_6cazq_sid
Content:   ef32d8ce907e904b[censored]
Domain:   .forums.nesdev.com
Path:   /
Send for:   Any kind of connection
Accessible to script:   No (HttpOnly)
Created:   Saturday, August 31, 2013 11:10:50 PM
Expires:   Sunday, August 31, 2014 11:10:50 PM

Name:   phpbb3_6cazq_u
Content:   80
Domain:   .forums.nesdev.com
Path:   /
Send for:   Any kind of connection
Accessible to script:   No (HttpOnly)
Created:   Saturday, August 31, 2013 11:10:50 PM
Expires:   Sunday, August 31, 2014 11:10:50 PM


And after browsing to this site:
Code:
Name:   phpbb3_6cazq_k
Content:   
Domain:   .forums.nesdev.com
Path:   /
Send for:   Any kind of connection
Accessible to script:   No (HttpOnly)
Created:   Sunday, September 1, 2013 8:43:26 AM
Expires:   Monday, September 1, 2014 8:43:26 AM

Name:   phpbb3_6cazq_sid
Content:   8468da1b880cb071[censored]
Domain:   .forums.nesdev.com
Path:   /
Send for:   Any kind of connection
Accessible to script:   No (HttpOnly)
Created:   Sunday, September 1, 2013 8:43:26 AM
Expires:   Monday, September 1, 2014 8:43:26 AM

Name:   phpbb3_6cazq_u
Content:   1
Domain:   .forums.nesdev.com
Path:   /
Send for:   Any kind of connection
Accessible to script:   No (HttpOnly)
Created:   Sunday, September 1, 2013 8:43:26 AM
Expires:   Monday, September 1, 2014 8:43:26 AM


As you can see, phpbb3_6cazq_k got cleared, phpbb3_6cazq_u got reset to a different value, and the session ID also was reset. This makes me think that the server had already purged the session before I opened the site today.

What's strange though is the "Who is online" list. Maybe it's managed separately from the sessions...

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Sun Sep 01, 2013 10:07 am 
Offline
User avatar

Joined: Mon Apr 04, 2011 11:49 am
Posts: 1941
Location: WhereverIparkIt, USA
For what it's worth I've been getting logged out frequently as well. I do login from 3-5 different PCs/devices on a given day, but usually I only have to login again ~once a month or so I'd say.

_________________
If you're gonna play the Game Boy, you gotta learn to play it right. -Kenny Rogers


Top
 Profile  
 
PostPosted: Sun Sep 01, 2013 5:34 pm 
Offline
User avatar

Joined: Sat Feb 12, 2005 9:43 pm
Posts: 10165
Location: Rio de Janeiro - Brazil
Just for the record, I'm not experiencing this problem even though I access the forums from a many different computers/networks. In only one of them I chose to remain logged in, which works just fine.


Top
 Profile  
 
PostPosted: Tue Sep 03, 2013 2:39 am 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
I'm sorry I can't help a lot with this issue (it'd be easier if I was experiencing it myself), but if it's believed to be a phpBB (forum software) bug, we use 3.0.10 right now and 3.0.11 is the latest. Here's the changelog:

https://www.phpbb.com/support/documents ... on=3#v3010

I did see issues relating to "stuck PMs" fixed in 3.0.11 (some folks here may remember that issue -- unrelated to what we're talking about, but I just happened to notice it while skimming).

3.0.12 is not out yet, but here are the changes proposed so far:

https://www.phpbb.com/support/documents ... on=3#v3011

If the issue is believed to be with PHP, the PHP version used is 5.3.15. The latest is 5.5.3, and if there was a place that was most likely responsible for this, it'd be in the sessions module or (remote possibility) the core.

http://www.php.net/ChangeLog-5.php

My gut feeling is that it's some kind of phpBB "thing", since server-side I don't really see anything that indicates an issue, but it's hard for me to diagnose this (as said, can't really help with that). I did find this:

https://www.phpbb.com/community/docs/FA ... out_issues

What's described here is vague/weird -- the settings are actually under the General tab, under Server Configuration / Load Settings. I've attached two screenshots (01.jpg and 02.jpg) showing what we have these set to. I've also included a screenshot of the Cookie Settings section since some of what thefox mentioned above is referenced there.

Keep in mind two things when looking at these screenshots (but please keep reading):

1) The session timeout value shown is just an indicator of how long you can be actively logged in before the board will automatically log you out. If you are a person who leave a tab open at all times here at the forum, then yes, my understanding is that you will be getting logged out after 3600 seconds of not interacting with the site anywhere; this is by design. Increasing this number might sound like a reasonable thing to do, but then again it may not be a wise thing to do. For example if someone is leaving the browser window/tab to the site open for an entire day, then the number would have to be increased to 60*60*24 = 86400 seconds or thereabouts. I would much rather people just close the damn tab/window when they're done. (I actually generally do not have to re-log-in very often on my setup, it's quite rare, but I also do not use tabs and I do not leave browser windows open indefinitely; I always [X] out of things when I'm done)

2) The settings shown there are phpBB-specific and not PHP-specific; PHP has its own types of control over sessions as well (specifically the GC cleaning up old files, etc.). So these two things require a somewhat "balanced" series of settings that match up well and don't conflict with one another.

Anyway, this caused me to find this post:

https://www.phpbb.com/community/viewtopic.php?t=2015965

Where someone states up front that the "session IP validator" basically looks at the network block you're part of, and requires a session to be valid only if the client IP connecting is within the same /24 (this would be a security measure). So, if your ISP is doing something like NAT'ing your outbound connections to the forum (usually done at workplaces for lots of reasons, but also for load balancing), and the connecting client IP could therefore flip in real-time from 1.2.3.4 to 1.2.9.16 (for example) then I can see this causing a person who was active on the forum to suddenly log out. Remember, this is not your "workstation IP address", this is actually what gets seen IP-address-wise on the nesdev server.

The settings we use permit the last octet to float/change (i.e. the A.B.C method), as indicated in the 03.jpg screenshot. I am happy to try changing this to something else ("None" possibly), but I would much rather not if the root cause can be determined.

But as you can see, there are other security measures phpBB has in place (and some I have blacked out in the screenshot because we do know spammers/etc. show up here and this is not the Moderators board so these posts/this information is public) to also "verify" that the client connecting is who it says it is -- specifically "validating the browser" (probably comparing User-Agent strings), handling situations where the browser (HTTP client) includes the X-Forwarded-For header (this is often use by caching proxies, so if you're at a workplace that uses an HTTP proxy server then this header might be included and your web browser wouldn't be sending it, the proxy server would -- the only way for us to see this would be to use tcpdump on the server, which I cannot do) and also referer validation.

Basically my point here is that there's lots of "stuff" that could cause this to go awry for someone, and troubleshooting it requires familiarity with all the aforementioned things, plus requires that the troubleshooting be done in real-time. For example I cannot go back and look at site (Apache) access logs to track down thefox -- username/etc. is not stored anywhere in the logs, so all I could go off of is IP address, but as I said above if the IP address is shifting around a lot then my greps/etc. are going to be wrong/incorrect (the site gets hit a *lot*).

The best I can do is try to get exact timestamps from you (please include timezone, or if you can just give me UTC timestamps that would make my job much much easier (server log timestamps are in UTC)) when you see the issue start, along with the exact time you had to re-log-in, and I try to figure out if it's the session IP validator that's causing it. I've already grepped through logs and there just isn't enough information to key off of there (no way to correlate an access to a username).

Welcome to The Internet(tm) and Web Crap of today, and what we SAs have to deal with all the time.


Attachments:
03.jpg
03.jpg [ 232.88 KiB | Viewed 8688 times ]
02.jpg
02.jpg [ 199.71 KiB | Viewed 8688 times ]
01.jpg
01.jpg [ 223.9 KiB | Viewed 8688 times ]
Top
 Profile  
 
PostPosted: Tue Sep 03, 2013 3:41 am 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2983
Location: Tampere, Finland
koitsu wrote:
Where someone states up front that the "session IP validator" basically looks at the network block you're part of, and requires a session to be valid only if the client IP connecting is within the same /24 (this would be a security measure). So, if your ISP is doing something like NAT'ing your outbound connections to the forum (usually done at workplaces for lots of reasons, but also for load balancing), and the connecting client IP could therefore flip in real-time from 1.2.3.4 to 1.2.9.16 (for example) then I can see this causing a person who was active on the forum to suddenly log out. Remember, this is not your "workstation IP address", this is actually what gets seen IP-address-wise on the nesdev server.

The settings we use permit the last octet to float/change (i.e. the A.B.C method), as indicated in the 03.jpg screenshot. I am happy to try changing this to something else ("None" possibly), but I would much rather not if the root cause can be determined.

I'm 99% certain this is not the cause of it because I have a static IP address.

I'm going to try Firefox for a couple of days to see if the same problems occur with it too.

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Wed Sep 04, 2013 8:53 am 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2983
Location: Tampere, Finland
The problem doesn't occur on Firefox. So probably a recent update of Chrome changed something that causes phpBB to invalidate the session (maybe the User-Agent changes ever so slightly (that would be strange, though), or something...)

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Wed Sep 04, 2013 5:46 pm 
Offline
Formerly 65024U

Joined: Sat Mar 27, 2010 12:57 pm
Posts: 2257
Chrome, up to date on multiple PC's and OS's, no problems.


Top
 Profile  
 
PostPosted: Sat Sep 07, 2013 8:18 pm 
Offline
User avatar

Joined: Sat Feb 12, 2005 9:43 pm
Posts: 10165
Location: Rio de Janeiro - Brazil
A few days ago I said I wasn't experiencing this problem... well, I am now. I get logged out almost every day. Chrome has updated itself recently, so I suspect that there's something up with that, like thefox suggested.


Top
 Profile  
 
PostPosted: Sat Sep 21, 2013 1:12 am 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2983
Location: Tampere, Finland
I want to add that this is not the only phpBB forum that is logging me out frequently now when using Chrome.

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group