News
Welcome to NeoRHDN! This place is still a work-in-progress, so pardon the construction...

Chat on Discord
Views: 760,081
Sections: Documents | Utilities | ROM Hacks | Games | Translations | Homebrew | Fonts | Community
Site: Main | Rules/FAQ | Discord | Memberlist | Latest posts | Stats | Ranks | Online users
11-23-24 09:26 AM
Guest: Register | Login

0 users currently in Meta | 1 bot

Main - Meta - Login Duration seems broken (1)


Morrigan Aensland-Hill
Posted on 09-06-24 01:48 PM, in Link | ID: 725

Goomba

Level: 7

Posts: 23/26
EXP: 1276
Next: 172

Since: 08-22-24
From: Arlen, Texas

Last post: 11 days
Last view: 13 hours
I apologise for the inconvenience, but there is a small error with the login duration. Every time I tick one of the options regarding how long you want to be logged in and try to log in again on this site after being inactive for a while, like maybe around 8-24 hours, I am instantly logged out for no good purpose.

____________________
My beauty can overcome brains and brawn!

Special
Posted on 09-06-24 02:20 PM, in Link | ID: 726

Goomba

Level: 8

Posts: 30/32
EXP: 1842
Next: 345

Since: 08-11-24

Last post: 4 days
Last view: 8 hours
IIRC, the site has really strict IP verification at this time; if you're using cell service or a VPN, any IP address change will log you out.

Green Jerry
Posted on 09-07-24 01:17 AM, in Link | ID: 730
Newcomer

Level: 3

Posts: 3/3
EXP: 50
Next: 78

Since: 08-20-24
From: Brazil

Last post: 77 days
Last view: 18 hours
Posted by Special
IIRC, the site has really strict IP verification at this time; if you're using cell service or a VPN, any IP address change will log you out.

So that must be why I was automatically logged out once I visited the site on my phone when I went to a friend's house a little while ago.

I don't know if this is a thing on other Acmlmboard forums such as Kafuka, as I don't have an account on them, or if it's only on this forum.

NinCollin
Posted on 09-07-24 01:24 AM, in Link | ID: 731
Root Administrator

Red Koopa

Level: 15

Posts: 95/125
EXP: 14200
Next: 2184

Since: 08-12-24

Last post: 7 days
Last view: 7 days
Its like this on Kafuka too

I found out you can modify the IP range though, on this page. You can theoretically completely disable IP verification by entering just * though i havent rigorously tested it

Check out some of my websites!
imageimageimage

thingsiplay
Posted on 09-07-24 01:26 AM, in Link | ID: 732

Unprofessional
Level: 10

Posts: 12/58
EXP: 4202
Next: 212

Since: 08-24-24
From: Germany

Last post: 6 days
Last view: 1 min.
Ah, I had the same issue and was not sure if its the site or some browser plugins causing this. My IP changes automatically every day and I was suspecting this. But why does the forum has a strict IP verification, if we are logged in with our accounts anyway?

NinCollin
Posted on 09-07-24 01:33 AM, in (rev. 2 of 09-07-24 01:34 AM by NinCollin) Link | ID: 733
Root Administrator

Red Koopa

Level: 15

Posts: 96/125
EXP: 14200
Next: 2184

Since: 08-12-24

Last post: 7 days
Last view: 7 days
Probably a "security" thing tbh; not sure what the basis for it was, but even some AcmlmBoard 2 developers have made annoyed comments about it over at Kafuka

I can add the cookie settings page i linked above to the links at the top of the site (or maybe at the bottom), making it easier to find (and disable ip verification)

Check out some of my websites!
imageimageimage

thingsiplay
Posted on 09-07-24 01:49 AM, in Link | ID: 734

Unprofessional
Level: 10

Posts: 13/58
EXP: 4202
Next: 212

Since: 08-24-24
From: Germany

Last post: 6 days
Last view: 1 min.
Most people would not know what this link is for and probably just ignore it. Even if you have this issue, its not easy to know where to look for. Therefore I recommend to add an entry in the FAQ, with an explanation what and how it solves it. At least if someone has a problem, its only natural to look for a FAQ (but most would ignore that either).

NinCollin
Posted on 09-07-24 01:51 AM, in Link | ID: 735
Root Administrator

Red Koopa

Level: 15

Posts: 97/125
EXP: 14200
Next: 2184

Since: 08-12-24

Last post: 7 days
Last view: 7 days
Pretty good idea! and yeah; fair point. I'll have to do that; thanks for the suggestion

Check out some of my websites!
imageimageimage

thingsiplay
Posted on 09-07-24 07:14 PM, in Link | ID: 739

Unprofessional
Level: 10

Posts: 14/58
EXP: 4202
Next: 212

Since: 08-24-24
From: Germany

Last post: 6 days
Last view: 1 min.
Is it possible to display or link this "lcookie" page in the login page?

Yuri Bacon
Posted on 09-07-24 10:40 PM, in Link | ID: 740

Shyguy

Level: 12

Posts: 31/86
EXP: 7911
Next: 10

Since: 08-16-24
From: MY MOM!

Last post: 6 days
Last view: 10 hours
The cookie page seems like it'd fit best in or around Profile Settings IMO. I only post from my desktop while I'm at home, and my IP seemingly never changes, so I haven't had to relogin since my first login lol

____________________
Build a man a fire, and he's warm for a night. Set a man on fire, and he's warm for the rest of his life.

Oz74
Posted on 09-07-24 11:36 PM, in Link | ID: 744

Level: 9

Posts: 24/38
EXP: 2328
Next: 834

Since: 08-16-24
From: Erebonia

Last post: 3 days
Last view: 3 days
Posted by NinCollin
Probably a "security" thing tbh; not sure what the basis for it was)
A popular thing to do back then to forums unfortunately was to find the unfiltered places you could insert JavaScript and steal a user's cookies and therefore their login session, and all that user would have to do is view the page without JS disabled to become victim. Strict IP verification means account session theft through XSS was stopped at the time of incident instead of giving someone time to cause damage with a higher level account since the login cookie won't match the thief's IP. So while a minor nuisance, having to log back in every day is much less of a bother for me personally, than finding half the stuff deleted one morning because someone stole a privileged account and needing Nin to roll back the database, and I can live with it being what it is.


Yuri Bacon
Posted on 09-08-24 09:50 AM, in Link | ID: 754

Shyguy

Level: 12

Posts: 33/86
EXP: 7911
Next: 10

Since: 08-16-24
From: MY MOM!

Last post: 6 days
Last view: 10 hours
Posted by Oz74
Posted by NinCollin
Probably a "security" thing tbh; not sure what the basis for it was)
A popular thing to do back then to forums unfortunately was to find the unfiltered places you could insert JavaScript and steal a user's cookies and therefore their login session, and all that user would have to do is view the page without JS disabled to become victim. Strict IP verification means account session theft through XSS was stopped at the time of incident instead of giving someone time to cause damage with a higher level account since the login cookie won't match the thief's IP. So while a minor nuisance, having to log back in every day is much less of a bother for me personally, than finding half the stuff deleted one morning because someone stole a privileged account and needing Nin to roll back the database, and I can live with it being what it is.

Yeah, that'd do it.

____________________
Build a man a fire, and he's warm for a night. Set a man on fire, and he's warm for the rest of his life.

Main - Meta - Login Duration seems broken (1)

Affiliates:


Acmlmboard v2.5.6+neo (2024-08-13)
© 2005-2024 Acmlm, Emuz, NinCollin, et al.

Page rendered in 0.104 seconds. (915KB of memory used)
MySQL - queries: 85, rows: 450/458, time: 0.087 seconds.