Arrr.
I keep getting logged out. Happening with multiple browsers on different machines. No idea why. And when I log in I do have 'forever' set. Anyone else getting this?
Yep. I just logged in, it said I had a PM when I went to read it I had to log in again ???
Hrm, I've had no probs... nothing shows up in error logs. Sounds like some kind of cookie problem to me, but I'll investigate.
Yeah I thought it might have been my end but I tried on three different machines, two different browsers (using Chrome) and had same thing. It's only happened once today.
Has happened to me too - actually, as I went to post this message, I was logged out. Lol.
PHP sessions are a bit of a ballbag - if they're table based then it might be worth pruning the old (unused) session data
OK, I believe it's bots trying to log in as you guys, and when it fails it invalidates your logged in sessions so you need to log in again.
Trying to see what I can do about it.
me too ???
Thought it was Gino's shoddy networking at home, lol.
Yeah I've been having that for a little while now too. I thought it was a problem on my end. Tried replying to a PM, and had a decent length message all typed up, then it said I hadn't logged in when I tried to send it, and then now I have to write it again. Lol.
And it's gay for when I try to check the unread messages page.
Lol hopefully we don't end up having to use Captcha.
I used to have this problem. What I did to fix it was to make sure that the bookmark I used to browse the site was always one of these two:
http://nzism.alphaism.com/forum/index.php?action=unread
http://nzism.alphaism.com/forum/index.php
Anything else and you will have to log in all the time. Hope that's a band-aid fix for you guys for now.
Ok, so the only way I can deal with this without changing something is to inspect error logs and decide which IPs the bots are using, so that I can then add them to a 'deny all users from these ips' file. The problem is the ips change every couple of days, and some are from TOR network nodes so that doesn't really work. Even in best case, this is still reactionary so people will get logged out when the ips switch until the ban lists are updated.
So I'm not too keen on that approach.
Currently it's possible to log in using either your username, or your email address. Another way of fixing this issue is to only allow email address as login criteria. Your email addresses are not publicly visible, unlike your displayed name (which in many cases IS your username - this is how the bots are getting logins to try. Their current favourite target appears to be Elixir). The only way to get a valid email address would be to sniff your login packets, and if they are doing that they could just get your php session id and take over your account anyway.
So I'm pretty likely to switch over to this in the next couple of days. It will mean you will have to switch to logging in with your email address, but that shouldn't be a big deal.
If anyone has any questions or concerns, please make them known soon.
Quote from: fluxcore on January 19, 2011, 09:47:50 AM
So I'm pretty likely to switch over to this in the next couple of days. It will mean you will have to switch to logging in with your email address, but that shouldn't be a big deal.
Good solution - nice work :D
I've randomly stopped getting this problem.
Lol @Elixir. I didn't know different people got affected differently.
Quote from: fluxcore on January 19, 2011, 09:47:50 AM
Another way of fixing this issue is to only allow email address as login criteria.
Sorry for being a noob but how do I do that? I never used to get logged out randomly until today :-[
Could this be the same BOT signing us out of our psn network??
Bad day yesterday. Lost connection with psn 20 times. Signed in on different email account, same again just not as bad...fukn fukn fukn!