Issues with new Login System - Add them here
Discussion
RacingPete said:
It was a slightly off process flow
We have moved to a federated login system, so the forums is authenticating against a central login system (and so does the classifieds). This then enables us in the future to roll out the single login to other systems, apps etc.
As part of this we have two forms of knowing who you are: Authenticate and Authorize.
The first one just checks who you are and grabs the details of your account based on your cookie from the federated login.
The second will actually check if you are logged in on federated login and then renew your credentials on the site requesting the login (e.g. the Forums).
So every 60 minutes we expire the cookie on the forums, so this requires a re-authorize to update the cookie.
The post reply page is then using Authenticate, so checks your account details and if it doesn't know you are logged in will show a "need to login or register page" to submit a post (not necessarily the wrong thing).
The issue is that it wouldn't go and renew your cookie (as the authorize does this) and keep you moving down the flow to post. We are just looking at whether changing how this page works will still work with people who are not registered - but seems this is the quick fix while working out the flow better in the long term.
For a techie response....
Non-techie....
The cookie expires after 60 minutes and if you haven't visited a page that requires you to be logged in (My Stuff, Post etc) in that time, then it won't renew that cookie, and after 60 minutes you are seen as logged off by any page that wants to know your details. We are changing the flow
Edit: To add this is not a security change, it is because the data from the centralised login system may become stale (if you change username, verification etc) and this enables it to keep fresh and renew.
Edited by RacingPete on Wednesday 13th May 15:21
Sorry, am I reading this right? We're going to have to log back in to the forums (or at least have our sessions expire then have to pass through a login page to refresh a cookie) every 60 mins?
Did someone actually think about that? If I log in to a forum I don't want to keep having my user views and preferences ignored until I click login again. That's absolutely crazy, why don't the classifieds do this and not the forums?
Surely it would make more sense to have to re-enter credentials (or rather refresh a cookie) for the classifieds (which are the important bit after all)?
I've just received 2 emails from PH
Email #1 Says that my login name is PoleDriver (correct) and gives my old email address which I updated from last week (incorrect).
Email #2 Says that my login name is poledriver (incorrect) and gives my new email address which I updated to last week (correct).
Great!
Now I'm trying to follow up on a topic from a week or so back.
Using 'My stuff' I am not able to go back more than 24 hours.
When selecting 'my topics' or 'my replies' I get a message saying that there were no entries in this period!
ETA
And when trying to access 'local chat' I get this:-
No Postcode Specified
To use this feature you must have a UK postcode specified on your profile.
But my postcode is in my profile?
Edited by PoleDriver on Wednesday 13th May 18:20
RacingPete said:
ChemicalChaos said:
I can log in just fine on my computer, but my phone will not log in. I see there is an issue with the mobile site, but I always run the desktop site on my phone anyway as I prefer the zoom ability.
Every time I try to log in on my phone, it returns an "invalid username and password combination" notice
Hmmm... this confuses me - if you are viewing desktop on both, then just login here on your mobile and you should be fine.
http://www.pistonheads.com/user/login
Krikkit said:
Sorry, am I reading this right? We're going to have to log back in to the forums (or at least have our sessions expire then have to pass through a login page to refresh a cookie) every 60 mins?
Did someone actually think about that? If I log in to a forum I don't want to keep having my user views and preferences ignored until I click login again. That's absolutely crazy, why don't the classifieds do this and not the forums?
Surely it would make more sense to have to re-enter credentials (or rather refresh a cookie) for the classifieds (which are the important bit after all)?
No, you are not reading that correctly.
The system will automatically renew your cookie if you go to a page that requires you to be authorised to see it, thus you shouldn't even know it happens. So if you go to My Stuff, Post a Reply, My Preferences - then it will renew the cookie. If you go to another part of the site and come back 60 minutes later, going to My Stuff will automatically log you back in to the forums.
The length of time this cookie is set is too short, thus we need to extend it, which will be a new release (tomorrow hopefully).
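The Authenticate/Authorize flow described in this thread, modelled as an added example (not part of any post and not PistonHeads' code). All class and function names are hypothetical, and the renewing post-reply flow is an assumed version of the fix being discussed; it shows why an Authenticate-only page reports "logged off" after 60 minutes while the central login is still live, and how renewal also refreshes stale account details.

```python
from dataclasses import dataclass

FORUM_COOKIE_TTL = 60 * 60  # seconds: the 60-minute forum cookie expiry from the thread


@dataclass
class CentralSession:
    """State held by the central (federated) login system (hypothetical model)."""
    logged_in: bool
    username: str


@dataclass
class ForumCookie:
    """Forum-local copy of the account details, trusted until expires_at."""
    username: str
    expires_at: float


def authenticate(cookie, now):
    """Read-only check: use the forum cookie if unexpired, never renew it."""
    if cookie is not None and now < cookie.expires_at:
        return cookie
    return None


def authorize(central, now):
    """Ask the central login; if still logged in there, issue a fresh forum cookie."""
    if central.logged_in:
        return ForumCookie(central.username, now + FORUM_COOKIE_TTL)
    return None


def post_reply_authenticate_only(cookie, now):
    """Flow reported in the thread: an expired cookie is never renewed."""
    ok = authenticate(cookie, now)
    return ("show_form", ok) if ok else ("login_or_register_page", None)


def post_reply_with_renewal(cookie, central, now):
    """Assumed fix: fall back to authorize before showing the login page."""
    ok = authenticate(cookie, now) or authorize(central, now)
    return ("show_form", ok) if ok else ("login_or_register_page", None)


if __name__ == "__main__":
    central = CentralSession(logged_in=True, username="OldName")  # constructed sample
    cookie = authorize(central, now=0)
    central.username = "NewName"  # changed centrally while the forum cookie is cached
    print(post_reply_authenticate_only(cookie, now=3601))
    print(post_reply_with_renewal(cookie, central, now=3601))
```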