Automatic logon broken

This is the place to ask if you have any issues with our forum system. These include questions about your account, PM's, login trouble, etc.
User avatar
broadblues
AmigaOS Core Developer
AmigaOS Core Developer
Posts: 591
Joined: Sat Jun 18, 2011 2:40 am
Location: Portsmouth, UK
Contact:

Re: Automatic logon broken

Post by broadblues »

MichaelMerkel wrote:it seems the cookie is not set?
A cookie *must* be set else, you could not log in at all.
i removed my old one and there is no new one stored.

regards...
michael
It could have changed to temporary cookie or one with a shorter expiery time perhaps?

User avatar
Raziel
Posts: 962
Joined: Sat Jun 18, 2011 4:00 pm
Location: a dying planet

Re: Automatic logon broken

Post by Raziel »

There is no cookie.

I just checked again with Odyssey cookie list and there is absolutely nothing regarding hyperion-entertainment.biz.

I can log on, but as soon as i leave the site and come back immediately i have to log in again.

There are hyperion cookies in the sql .db file, but they don't come up in Odysseys cookie list
People are dying.
Entire ecosystems are collapsing.
We are in the beginning of a mass extinction.
And all you can talk about is money and fairytales of eternal economic growth.
How dare you!
– Greta Thunberg

User avatar
broadblues
AmigaOS Core Developer
AmigaOS Core Developer
Posts: 591
Joined: Sat Jun 18, 2011 2:40 am
Location: Portsmouth, UK
Contact:

Re: Automatic logon broken

Post by broadblues »

Hmmm okay testing a bit more, it seems the session ID to enable login is being sent in the URL. Side stepping the need for a temporary cookie.

The reason I could post without logging in was that I used URL completion and effectively preserved the session ID< which hadn't expired yet.

Ugh. That feels a fraction insecure! Were I to post the URL you might be able to login as me!

User avatar
Raziel
Posts: 962
Joined: Sat Jun 18, 2011 4:00 pm
Location: a dying planet

Re: Automatic logon broken

Post by Raziel »

broadblues wrote:Hmmm okay testing a bit more, it seems the session ID to enable login is being sent in the URL. Side stepping the need for a temporary cookie.

The reason I could post without logging in was that I used URL completion and effectively preserved the session ID< which hadn't expired yet.

Ugh. That feels a fraction insecure! Were I to post the URL you might be able to login as me!
Ouch...
Hopefully some of the maintainers are monitoring this
People are dying.
Entire ecosystems are collapsing.
We are in the beginning of a mass extinction.
And all you can talk about is money and fairytales of eternal economic growth.
How dare you!
– Greta Thunberg

User avatar
ssolie
Beta Tester
Beta Tester
Posts: 1010
Joined: Mon Dec 20, 2010 8:51 pm
Location: Canada
Contact:

Re: Automatic logon broken

Post by ssolie »

Raziel wrote:Hopefully some of the maintainers are monitoring this
Try emailing webmaster@hyperion-entertainment.com
ExecSG Team Lead

User avatar
Cyborg
Hyperion Entertainment
Hyperion Entertainment
Posts: 54
Joined: Wed Feb 16, 2011 1:29 pm

Re: Automatic logon broken

Post by Cyborg »

All requests are now redirected to use the .com domain. This broke the cookie settings, which were still using .biz. Fixed now.

User avatar
tonyw
AmigaOS Core Developer
AmigaOS Core Developer
Posts: 1431
Joined: Wed Mar 09, 2011 1:36 pm
Location: Sydney, Australia

Re: Automatic logon broken

Post by tonyw »

Yes, fixed now, thanks, Costel.
cheers
tony

User avatar
Raziel
Posts: 962
Joined: Sat Jun 18, 2011 4:00 pm
Location: a dying planet

Re: Automatic logon broken

Post by Raziel »

Thank you, Costel
People are dying.
Entire ecosystems are collapsing.
We are in the beginning of a mass extinction.
And all you can talk about is money and fairytales of eternal economic growth.
How dare you!
– Greta Thunberg

Post Reply