It is currently Thu Oct 19, 2017 1:05 pm

All times are UTC - 7 hours





Post new topic Reply to topic  [ 24 posts ]  Go to page Previous  1, 2
Author Message
PostPosted: Mon Apr 14, 2014 7:15 am 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2962
Location: Tampere, Finland
Seems like this problem has fixed itself.

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Mon Apr 14, 2014 7:45 am 
Offline
User avatar

Joined: Sat Feb 12, 2005 9:43 pm
Posts: 10059
Location: Rio de Janeiro - Brazil
It looks that way to me too. Everything has worked as expected for a while.


Top
 Profile  
 
PostPosted: Mon Jun 23, 2014 5:25 pm 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2962
Location: Tampere, Finland
...aaaand now it has started logging me out again. :)

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Wed Sep 16, 2015 12:56 pm 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2962
Location: Tampere, Finland
Yearly status report: it's still happening on Chrome. Also the "Hide my online status this session" checkbox doesn't seem to work reliably, although I'm not sure what is its definition of a "session".

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Wed Sep 16, 2015 1:17 pm 
Offline
User avatar

Joined: Sat Feb 12, 2005 9:43 pm
Posts: 10059
Location: Rio de Janeiro - Brazil
It hasn't happened to me anymore. Not frequently, at least... it does happen once every couple of weeks, but that doesn't annoy me.


Top
 Profile  
 
PostPosted: Wed Sep 16, 2015 4:40 pm 
Offline

Joined: Mon Jan 23, 2012 11:27 pm
Posts: 141
This has been happening to me frequently on one machine I use, using chrome in incognito mode. I do this so when all the private tabs close all he cookies and whatnot are cleared up. However, as long as I keep one private tab open, the session stays alive for the various sites I've logged into. Except here, where if I leave the forum I am almost certainly going to be logged out when I come back. Leaving a forum tab open seems to prevent this for some amount of time.


Top
 Profile  
 
PostPosted: Wed Sep 16, 2015 5:25 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19103
Location: NE Indiana, USA (NTSC)
phpBB's manual states that sessions are based on more than the session ID in your cookie. As an extra measure against session hijacking (e.g. Firesheep) and session fixation, an administrator can set phpBB to validate your public IP address (/16, /24, or the whole thing), the User-agent and Referer headers provided by your browser, and the X-Forwarded-For header provided by a proxy. This means if your DHCP lease expires and you get a different IP address, you might get logged out. Or if you're behind a carrier-grade NAT (common in developing countries and with wireless ISPs) or a transparent proxy (which AOL dial-up was notorious for using), you might get logged out.

NESdev BBS is currently set to these security settings:
  • Allow persistent cookies ("Keep me logged in"): On, no expiration
  • Restrict a session to a /24's worth of public IP addresses (such as 123.45.67.xx)
  • Validate User-agent
  • Do not validate X-Forwarded-For
  • Validate hostname in Referer of POST requests
And these load settings:
  • Users disappear from "Who is online" after 5 minutes
  • Sessions expire after 1 hour (I'm not sure if this is an hour after login or an hour after last page view)

And obviously, if you're using private or incognito mode, your browser will toss your session cookie more aggressively.


Top
 Profile  
 
PostPosted: Wed Sep 16, 2015 6:03 pm 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2962
Location: Tampere, Finland
tepples wrote:
This means if your DHCP lease expires and you get a different IP address, you might get logged out.

That theory goes out the window (in my case) since I started this thread when I had a static IP (I don't anymore, but I doubt that the IP address changes very often).

Quote:
NESdev BBS is currently set to these security settings:
  • Validate User-agent

I wonder how pedantic the User-agent check is. Chrome does update itself awfully often...

EDIT: The User-agent seems very likely to be the cause. Just as I wrote this post, I noticed in Chrome's update dialog that it was ready to update after restart, and after I restarted, I had been logged off.

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Mon Apr 11, 2016 2:35 am 
Offline
User avatar

Joined: Wed Feb 13, 2008 9:10 am
Posts: 575
Location: Estonia, Rapla city (50 and 60Hz compatible :P)
I seem to get logoffs too, but only when I am on the commute to work. Only thing that changes is that I am on train WiFi rather than my home network.

_________________
http://www.tmeeco.eu


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page Previous  1, 2

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group