Login Duration seems broken - NeoROMhacking

News

Welcome to NeoRHDN! This place is still a work-in-progress, so pardon the construction...

Chat on Discord

Views: 2,647,158

Main | Rules/FAQ | Discord | Memberlist | Latest posts | Stats | Ranks | Online users

01-31-26 09:31 AM

Guest: Register | Login

0 users currently in Meta | 1 bot

Main - Meta - Login Duration seems broken (1)

Morrigan Aensland-Hill

Posted on 09-06-24 01:48 PM, in

Link | ID: 725

Goomba

Level: 10

Posts: 23/29
EXP: 3584
Next: 830

Since: 08-22-24
From: Arlen, Texas

Last post: 301 days
Last view: 171 days

I apologise for the inconvenience, but there is a small error with the login duration. Every time I tick one of the options regarding how long you want to be logged in and try to log in again on this site after being inactive for a while, like maybe around 8-24 hours, I am instantly logged out for no good purpose.

____________________
My beauty can overcome brains and brawn!

Special

Posted on 09-06-24 02:20 PM, in

Link | ID: 726

Goomba

Level: 10

Posts: 30/33
EXP: 4395
Next: 19

Since: 08-11-24

Last post: 314 days
Last view: 7 hours

IIRC, the site has really strict IP verification at this time; if you're using cell service or a VPN, any IP address change will log you out.

Posted on 09-07-24 01:17 AM, in

Link | ID: 730

Newcomer

Level: 4

Posts: 3/4
EXP: 183
Next: 96

Since: 08-20-24
From: Brazil

Last post: 347 days
Last view: 346 days

Posted by Special
IIRC, the site has really strict IP verification at this time; if you're using cell service or a VPN, any IP address change will log you out.

So that must be why I was automatically logged out once I visited the site on my phone when I went to a friend's house a little while ago.

I don't know if this is a thing on other Acmlmboard forums such as Kafuka, as I don't have an account on them, or if it's only on this forum.

LennaROM

Posted on 09-07-24 01:24 AM, in

Link | ID: 731

Root Administrator

Paratroopa

Level: 20

Posts: 95/141
EXP: 38807
Next: 3632

Since: 08-12-24

Last post: 26 days
Last view: 22 days

Its like this on Kafuka too

I found out you can modify the IP range though, on this page. You can theoretically completely disable IP verification by entering just * though i havent rigorously tested it

Check out some of my websites!

thingsiplay

Posted on 09-07-24 01:26 AM, in

Link | ID: 732

Unprofessional
Level: 14

Posts: 12/60
EXP: 10644
Next: 2427

Since: 08-24-24
From: Germany

Last post: 366 days
Last view: 117 days

Ah, I had the same issue and was not sure if its the site or some browser plugins causing this. My IP changes automatically every day and I was suspecting this. But why does the forum has a strict IP verification, if we are logged in with our accounts anyway?

LennaROM

Posted on 09-07-24 01:33 AM, in (rev. 2 of 09-07-24 01:34 AM by

Link | ID: 733

Root Administrator

Paratroopa

Level: 20

Posts: 96/141
EXP: 38807
Next: 3632

Since: 08-12-24

Last post: 26 days
Last view: 22 days

Probably a "security" thing tbh; not sure what the basis for it was, but even some AcmlmBoard 2 developers have made annoyed comments about it over at Kafuka

I can add the cookie settings page i linked above to the links at the top of the site (or maybe at the bottom), making it easier to find (and disable ip verification)

Check out some of my websites!

thingsiplay

Posted on 09-07-24 01:49 AM, in

Link | ID: 734

Unprofessional
Level: 14

Posts: 13/60
EXP: 10644
Next: 2427

Since: 08-24-24
From: Germany

Last post: 366 days
Last view: 117 days

Most people would not know what this link is for and probably just ignore it. Even if you have this issue, its not easy to know where to look for. Therefore I recommend to add an entry in the FAQ, with an explanation what and how it solves it. At least if someone has a problem, its only natural to look for a FAQ (but most would ignore that either).

LennaROM

Posted on 09-07-24 01:51 AM, in

Link | ID: 735

Root Administrator

Paratroopa

Level: 20

Posts: 97/141
EXP: 38807
Next: 3632

Since: 08-12-24

Last post: 26 days
Last view: 22 days

Pretty good idea! and yeah; fair point. I'll have to do that; thanks for the suggestion

Check out some of my websites!

thingsiplay

Posted on 09-07-24 07:14 PM, in

Link | ID: 739

Unprofessional
Level: 14

Posts: 14/60
EXP: 10644
Next: 2427

Since: 08-24-24
From: Germany

Last post: 366 days
Last view: 117 days

Is it possible to display or link this "lcookie" page in the login page?

Yuri Bacon

Posted on 09-07-24 10:40 PM, in

Link | ID: 740

Shyguy

Level: 16

Posts: 31/90
EXP: 19700
Next: 556

Since: 08-16-24
From: MY MOM!

Last post: 26 days
Last view: 2 days

The cookie page seems like it'd fit best in or around Profile Settings IMO. I only post from my desktop while I'm at home, and my IP seemingly never changes, so I haven't had to relogin since my first login lol

____________________
Build a man a fire, and he's warm for a night. Set a man on fire, and he's warm for the rest of his life.

Oz74

Posted on 09-07-24 11:36 PM, in

Link | ID: 744

Level: 12

Posts: 24/43
EXP: 6508
Next: 1413

Since: 08-16-24

Last post: 154 days
Last view: 7 days

Posted by NinCollin
Probably a "security" thing tbh; not sure what the basis for it was)

A popular thing to do back then to forums unfortunately was to find the unfiltered places you could insert JavaScript and steal a user's cookies and therefore their login session, and all that user would have to do is view the page without JS disabled to become victim. Strict IP verification means account session theft through XSS was stopped at the time of incident instead of giving someone time to cause damage with a higher level account since the login cookie won't match the thief's IP. So while a minor nuisance, having to log back in every day is much less of a bother for me personally, than finding half the stuff deleted one morning because someone stole a privileged account and needing Nin to roll back the database, and I can live with it being what it is.

Yuri Bacon

Posted on 09-08-24 09:50 AM, in

Link | ID: 754

Shyguy

Level: 16

Posts: 33/90
EXP: 19700
Next: 556

Since: 08-16-24
From: MY MOM!

Last post: 26 days
Last view: 2 days

Posted by Oz74
Posted by NinCollin
Probably a "security" thing tbh; not sure what the basis for it was)
A popular thing to do back then to forums unfortunately was to find the unfiltered places you could insert JavaScript and steal a user's cookies and therefore their login session, and all that user would have to do is view the page without JS disabled to become victim. Strict IP verification means account session theft through XSS was stopped at the time of incident instead of giving someone time to cause damage with a higher level account since the login cookie won't match the thief's IP. So while a minor nuisance, having to log back in every day is much less of a bother for me personally, than finding half the stuff deleted one morning because someone stole a privileged account and needing Nin to roll back the database, and I can live with it being what it is.

Yeah, that'd do it.

____________________
Build a man a fire, and he's warm for a night. Set a man on fire, and he's warm for the rest of his life.

Main - Meta - Login Duration seems broken (1)

Affiliates:

Acmlmboard v2.5.6+neo (2024-08-13)
© 2005-2026 Acmlm, Emuz, NinCollin, et al.

Page rendered in 0.108 seconds. (915KB of memory used)
MySQL - queries: 85, rows: 450/459, time: 0.090 seconds.