Issues with new Login System - Add them here
Discussion
RacingPete said:
Yes it is... but we have a bit of work still to do to maintain the SEO benefits that site has and migrate them to www.pistonheads.com. So at the moment it is now read only (as you cannot log into it).
If you move to www.pistonheads.com then you have a choice of skins (under My Preferences) as follows:
Classic - A really old skin from 2003 or so (not supported)
Big Blue - The default skin for viewing when not logged in and new registrations, though gives desktop view on a mobile (will soon be deprecated)
Mobile (beta) - The first version of a responsive site (deprectated)
Beta 2 - The new skin we are working on which will be responsive and thus show nicely depending on your screen width <- this is the replacement for mobile.pistonheads.com and will become the default view for logged in users and new registrations.
Thanks for the answer. I've done that, and that's what I think is a compromise If you move to www.pistonheads.com then you have a choice of skins (under My Preferences) as follows:
Classic - A really old skin from 2003 or so (not supported)
Big Blue - The default skin for viewing when not logged in and new registrations, though gives desktop view on a mobile (will soon be deprecated)
Mobile (beta) - The first version of a responsive site (deprectated)
Beta 2 - The new skin we are working on which will be responsive and thus show nicely depending on your screen width <- this is the replacement for mobile.pistonheads.com and will become the default view for logged in users and new registrations.
Neither of the beta options are anywhere near as pleasant to use in a normal desktop browser as Big Blue but will soon be the only options, and realistically already are the only options unless I don't want to use mobile, which I do.
It seems odd to me that we've gone from a situation where both desktop and mobile viewing is good, to one where there is always compromise. I understand that there is a reason for the change, but I would have thought that maintaining a good user experience would be priority number one.
tomjol said:
It seems odd to me that we've gone from a situation where both desktop and mobile viewing is good, to one where there is always compromise. I understand that there is a reason for the change, but I would have thought that maintaining a good user experience would be priority number one.
Though that last point is subjective - I really like the mobile version of Beta2 now I have used it for a while (it took me a bit to get use to), but I do concede that the desktop view hasn't quite hit the same mark as Big Blue - we are working on that over the next few weeks, so happy to hear how we can make it better.RacingPete said:
Though that last point is subjective - I really like the mobile version of Beta2 now I have used it for a while (it took me a bit to get use to), but I do concede that the desktop view hasn't quite hit the same mark as Big Blue - we are working on that over the next few weeks, so happy to hear how we can make it better.
Beta 2 - not nice.Make it look like this:
Job jobbed.
RacingPete said:
Hmmm... this confuses me - if you are viewing desktop on both, then just login here on your mobile and you should be fine.
http://www.pistonheads.com/user/login
Following that link only generates a line of hypertext saying "Message: No HTTP resource that matches the request URI http://www.pistonheads.com/user/login
http://www.pistonheads.com/user/login MessageDetail: No action was found on the controller authentication that matches the request
I have checked the double checked I am on the desktop not mobile version of the login screen on my phone, still getting the "invalid username/password" message
RacingPete said:
tomjol said:
It seems odd to me that we've gone from a situation where both desktop and mobile viewing is good, to one where there is always compromise. I understand that there is a reason for the change, but I would have thought that maintaining a good user experience would be priority number one.
Though that last point is subjective - I really like the mobile version of Beta2 now I have used it for a while (it took me a bit to get use to), but I do concede that the desktop view hasn't quite hit the same mark as Big Blue - we are working on that over the next few weeks, so happy to hear how we can make it better.How to make it better? Make it the same
Login timeout is one thing, but why on earth would it happen whilst using the site?
What was it under the old format? I'm sure I didn't have to log back in on the same device more than twice a year, let alone multiple times each day.
What security issue, exactly, are you trying to cover by having shorter timeouts at all?
What was it under the old format? I'm sure I didn't have to log back in on the same device more than twice a year, let alone multiple times each day.
What security issue, exactly, are you trying to cover by having shorter timeouts at all?
RacingPete said:
897sma said:
I'm having issues with login, wouldn't accept my details on the main site until I capitalised the letters in my username, I've checked and they're still in lower case on my profile. When I try and log in to the mobile site it just goes round and round in circles - says I've logged in until I try and post then asks me to log in or register.
That is weird, you are in all our systems with lower case username too. Plus the username field is case insensitive so should work for either case.When you use the mobile site is this on mobile.pistonheads.com - as that is now read only, and login doesn't work.
Edited by RacingPete on Wednesday 13th May 12:35 - edited to correct the word sensitive, tiredness prevails and meant insensitive - is that the nurse calling for my pills?
V8mate said:
Login timeout is one thing, but why on earth would it happen whilst using the site?
What was it under the old format? I'm sure I didn't have to log back in on the same device more than twice a year, let alone multiple times each day.
What security issue, exactly, are you trying to cover by having shorter timeouts at all?
It was a slightly off process flowWhat was it under the old format? I'm sure I didn't have to log back in on the same device more than twice a year, let alone multiple times each day.
What security issue, exactly, are you trying to cover by having shorter timeouts at all?
We have moved to federated login system, so the forums is authenticating against a central login system (and so does the classifieds). This then enables us in the future to roll out the single login to other systems, apps etc.
As part of this we have two forms of knowing who you are. Authenticate and Authorize
The first one just checks who you are and grabs the details of your account based on your cookie from the federated login,
The second will actually check if you are logged in on federated login and then renew your credentials on the site requesting the login (e.g. the Forums).
So every 60 minutes we expire the cookie on the forums, so this requires a re-authorize to update the cookie.
The post reply page is then using Authenticate, so checks your account details and if it doesnt know you are logged in will show a "need to login or register page" to submit a post (not necessarily the wrong thing).
The issue is that it wouldn't go and renew your cookie (as the authorize does this) and keep you moving down the flow to post. We are just looking at whether changing how this page works will still work with people who are not registered - but seems this is the quick fix while working out the flow better in the long term.
For a techie response....
Non-techie....
The cookie expires after 60 minutes and if you haven't visited a page that requires you to be logged in (My Stuff, Post etc) in that time, then it wont renew that cookie, and after 60 minutes you are seen as logged off by any page that wants to know your details. We are changing the flow
Edit: To add this is not a security change, it is because the data from the centralised login system may become stale (if you change username, verification etc) and this enables it to keep fresh and renew.
Edited by RacingPete on Wednesday 13th May 15:21
RacingPete said:
SomeRandomDude said:
This is a fake account.
It wont let me log in as CoolFool. I dont think I have broken any of the rules(?). Please help!
Cheers!
I see no record of that username in any of our systems - can you PM me an email address?It wont let me log in as CoolFool. I dont think I have broken any of the rules(?). Please help!
Cheers!
Gassing Station | Website Feedback | Top of Page | What's New | My Stuff