• Welcome to New Zealand Fighting Game Forum.

Getting logged out randomly :,

Started by Rorooze, January 07, 2011, 08:19:56 AM

Previous topic - Next topic

Rorooze

Arrr.

I keep getting logged out. Happening with multiple browsers on different machines. No idea why. And when I log in I do have 'forever' set. Anyone else getting this?

geneterror

Yep. I just logged in, it said I had a PM when I went to read it I had to log in again ???
KOW 2011

fluxcore

Hrm, I've had no probs... nothing shows up in error logs. Sounds like some kind of cookie problem to me, but I'll investigate.
Any sufficiently godlike street fighter technique is indistinguishable from randomness

Rorooze

Yeah I thought it might have been my end but I tried on three different machines, two different browsers (using Chrome) and had same thing. It's only happened once today.

electric

Has happened to me too - actually, as I went to post this message, I was logged out. Lol.

PHP sessions are a bit of a ballbag - if they're table based then it might be worth pruning the old (unused) session data
"gief can jump above the screen and pummel all over the place..." - Zosla

fluxcore

OK, I believe it's bots trying to log in as you guys, and when it fails it invalidates your logged in sessions so you need to log in again.

Trying to see what I can do about it.
Any sufficiently godlike street fighter technique is indistinguishable from randomness

gunsmoke

LiFe iS gOoD wHeN u WaNa Be!

stereomonkey

Thought it was Gino's shoddy networking at home, lol.
"I got that peanut butter chocolate flavour"

originaljulz

Yeah I've been having that for a little while now too. I thought it was a problem on my end. Tried replying to a PM, and had a decent length message all typed up, then it said I hadn't logged in when I tried to send it, and then now I have to write it again. Lol.

And it's gay for when I try to check the unread messages page.
HEAVEN OR HELL? DUAL ONE. LETS ROCK!

originaljulz

Lol hopefully we don't end up having to use Captcha.
HEAVEN OR HELL? DUAL ONE. LETS ROCK!

Lennysaurus

I used to have this problem.  What I did to fix it was to make sure that the bookmark I used to browse the site was always one of these two:

http://nzism.alphaism.com/forum/index.php?action=unread
http://nzism.alphaism.com/forum/index.php

Anything else and you will have to log in all the time.  Hope that's a band-aid fix for you guys for now.


NZism 2011 King of Wishful Thinking and Part-Time Hero

fluxcore

Ok, so the only way I can deal with this without changing something is to inspect error logs and decide which IPs the bots are using, so that I can then add them to a 'deny all users from these ips' file. The problem is the ips change every couple of days, and some are from TOR network nodes so that doesn't really work. Even in best case, this is still reactionary so people will get logged out when the ips switch until the ban lists are updated.

So I'm not too keen on that approach.

Currently it's possible to log in using either your username, or your email address. Another way of fixing this issue is to only allow email address as login criteria. Your email addresses are not publicly visible, unlike your displayed name (which in many cases IS your username - this is how the bots are getting logins to try. Their current favourite target appears to be Elixir). The only way to get a valid email address would be to sniff your login packets, and if they are doing that they could just get your php session id and take over your account anyway.

So I'm pretty likely to switch over to this in the next couple of days. It will mean you will have to switch to logging in with your email address, but that shouldn't be a big deal.

If anyone has any questions or concerns, please make them known soon.
Any sufficiently godlike street fighter technique is indistinguishable from randomness

electric

#12
Quote from: fluxcore on January 19, 2011, 09:47:50 AM
So I'm pretty likely to switch over to this in the next couple of days. It will mean you will have to switch to logging in with your email address, but that shouldn't be a big deal.

Good solution - nice work :D
"gief can jump above the screen and pummel all over the place..." - Zosla

originaljulz

I've randomly stopped getting this problem.

Lol @Elixir. I didn't know different people got affected differently.
HEAVEN OR HELL? DUAL ONE. LETS ROCK!

Nick4now

Quote from: fluxcore on January 19, 2011, 09:47:50 AM
Another way of fixing this issue is to only allow email address as login criteria.

Sorry for being a noob but how do I do that? I never used to get logged out randomly until today  :-[


The Self-proclaimed Christchurch Hyper Fighting 2011 Champion