Problem with site cookies?

[personalt]

Is there a problem with the site's coookies? I log in, hit the new message button and when I come back 15-20 minutes later(sometimes less) and click the same new message link I am logged out.

I thoght maybe it was my work PC but I tried work pc, home pc and cell phone all with similar results.

anyone else have the same issues?

 

[electron]

The only time I have experienced that issue is when I use Chrome in incognito mode. What browser are you using?

 

[personalt]

The only time I have experienced that issue is when I use Chrome in incognito mode. What browser are you using?

mostly firefox but I use IE also.. will try IE rest of day but I swear I saw the same issue with ie on friday but I will confirm before I send you on a goose chase.

 

[electron]

There is a 'Delete cookies set by this board' link on the main forum index page, right above the board stats box, try using that link to reset the cookie for your account.

 

[JonW]

There is a 'Delete cookies set by this board' link on the main forum index page, right above the board stats box, try using that link to reset the cookie for your account.

I'll have to try that as well. I've been having the same issue as the OP and have to login repeatedly during the day. I'm using IE8 on Win7.

 

[JonW]

I did the delete cookies option yesterday and I still have to login repeatedly. This even occurs when my browser has not been closed - only the tab for CT has been closed and I later open a new tab and return here.

I frequent MANY online forums and this is the only one that this happens on.

 

[personalt]

I did the delete cookies option yesterday and I still have to login repeatedly. This even occurs when my browser has not been closed - only the tab for CT has been closed and I later open a new tab and return here.

I frequent MANY online forums and this is the only one that this happens on.

yea.. I still see the problem too.. At least I am not going nuts..

 

[Rupp]

Me too, this is why I create a different login to use on different servers but that got axed quickly.
IE8/FF on XP and W7.

 

[sic0048]

I generally have to log in when I change computers on this site but not other sites I visit. Still, I generally don't see a problem once I log in using the same computer (ie I'm not having to re-log in constantly). Don't you just love computers!

 

[JonW]

OK, looks like I figured out what is causing it for me (although no other online forums I visit are affected by this).

I have static IP's at both my office and home. I quite frequently open a VPN connection from work to home or home to work. When doing so, my source IP shifts to the gateway at the remote site. Any time I open a VPN connection or close it, CocoonTech logs me out. Evidently the cookie CT is using tracks the source IP and treats this as an expired cookie when the IP changes.

Any way to fix this on the CT side of things?

 

[Rupp]

OK, looks like I figured out what is causing it for me (although no other online forums I visit are affected by this).

I have static IP's at both my office and home. I quite frequently open a VPN connection from work to home or home to work. When doing so, my source IP shifts to the gateway at the remote site. Any time I open a VPN connection or close it, CocoonTech logs me out. Evidently the cookie CT is using tracks the source IP and treats this as an expired cookie when the IP changes.

Any way to fix this on the CT side of things?

This is my exact issue as well. It's odd that this MB does this but no others do.

 

[electron]

If your public IP changes while logged in, then it will indeed invalidate the cookie. This is to prevent cookie hijacking. I'd be surprised if this is the issue that is affecting everyone else in this thread tho. So far, I have only seen reports of this being an issue when you have an internet router which supports 2 WAN connections, but some changes on the router will fix that.

If you use a VPN connection to hop around the internet, then you will run into this problem with any site which gives a @#$^ about security

 

[Rupp]

Mommy what does "@#$^" mean?

 

[JonW]

If your public IP changes while logged in, then it will indeed invalidate the cookie. This is to prevent cookie hijacking. I'd be surprised if this is the issue that is affecting everyone else in this thread tho. So far, I have only seen reports of this being an issue when you have an internet router which supports 2 WAN connections, but some changes on the router will fix that.

If you use a VPN connection to hop around the internet, then you will run into this problem with any site which gives a @#$^ about security

There's got to be a (secure) way around it somehow. I'm on two other HUGE forums daily (HomeBrewTalk.com w/ 50,000+ users and LXForums.com w/ 34,000+ Users) and they both keep me logged in and I can be in the middle of reading "New Posts" and it keeps track of right where I'm at even while connecting or disconnecting my VPN connection. I can't speak so much for HomeBrewTalk, but I know LXForums is very anal about security.

Possibly those sites versions of VBulletin are able to accurately track the user state across sessions somehow????

 

[personalt]

I think what he is saying is that without a ip check you could take the cookie file from one PC and copy it to another and then log in without entering a password. However since the cookie would natually expire some time you would need to get steal a cookie while it is hot out of the oven and move it to new PC.

Is that the threat you are trying to cover?

Paypal is the only one that I know that doesnt only allows on concurrent ip/login..

That being said - I made sure I logged out at home and was not connecting from my cell phone today and I still see the same issue. I dont have any reason to think my gateway is changing.