Forums log me out quickly

Discuss issues and requests related with the forum software
illuzioner
Posts: 27
Joined: 07 Jun 2017, 13:50

Forums log me out quickly

07 Jun 2017, 18:07

Why does this AHK forum log me out so quickly? Most sites will let me stay logged in for days, but here I'm logged out quickly. I don't even have time to investigate the tutorials or answers I've read.

I tried posting a reply and then it told me it was invalid. So, I saw that it had logged me out already.

Is there a reason for such a short login expiration? Can that be changed?
Xtra
Posts: 2744
Joined: 02 Oct 2015, 12:15

Re: Forums log me out quickly

07 Jun 2017, 20:13

Try deleting your browser cache and cookies and then log in again.
Nextron
Posts: 1391
Joined: 01 Oct 2013, 08:23
Location: Netherlands OS: Win10 AHK: Unicode x32

Re: Forums log me out quickly

08 Jun 2017, 03:23

I can confirm the problem. Once or twice a day I get logged out as well (different PCs as well, also when only one is online). My browser has drive cache disabled and I've removed the cookies lots of times.
tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX
Contact:

Re: Forums log me out quickly

08 Jun 2017, 07:22

I log in 2 times a year. Your browser is probably trashing your cookies.
We are troubled on every side, yet not distressed; we are perplexed,
but not in despair; Persecuted, but not forsaken; cast down, but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
Exaskryz
Posts: 2882
Joined: 17 Oct 2015, 20:28

Re: Forums log me out quickly

08 Jun 2017, 11:52

Not sure if it's a problem, just throwing it out there. But if you use addons for privacy like Random Agent Spoofer or some ways to create noise on your internet profile for trackers, could that be interfering with the ability to stay logged in? Whether cookies are getting trashed on any new identity your addon gives you, or if on the AHK side it invalidates the cookie because it sees you have a different identity than when it gave you the cookie?
Nextron
Posts: 1391
Joined: 01 Oct 2013, 08:23
Location: Netherlands OS: Win10 AHK: Unicode x32

Re: Forums log me out quickly

08 Jun 2017, 18:01

Thanks for the feedback. Since this is the only site for which I experience this problem on multiple computers (same browser though), I presumed it to be related to autohotkey.com / phpBB, since I only use an ad blocker without anonymizing plugins.

It just happened for the second time today; based on the cookie expiry date, directly after unlocking my PC and auto-refreshing an already open tab. Based on the cookie data I saved earlier today, all cookies starting with phpbb3_ contained different values (including the SID). The domain wide UID cookie remained unchanged. That doesn't explain the cause of the change, although based on the user=1 value it matches triggering the logout button.

So I've made the cookie read-only preventing anything (on my system or this site) from changing it and I've blocked access to https://autohotkey.com/boards/ucp.php to exclude any mysterious logout attempts. Let's see what happens, since this way, I think the only way to logout is for the site to unlink the sessionID from my UserID.
TAC109
Posts: 1098
Joined: 02 Oct 2013, 19:41
Location: New Zealand

Re: Forums log me out quickly

08 Jun 2017, 23:41

As a point of reference I haven't had to re-log in for months. This is on both my iPad and PC.
My scripts:-
XRef - Produces Cross Reference lists for scripts
ReClip - A Text Reformatting and Clip Management utility
ScriptGuard - Protects Compiled Scripts from Decompilation
I also maintain Ahk2Exe
Nextron
Posts: 1391
Joined: 01 Oct 2013, 08:23
Location: Netherlands OS: Win10 AHK: Unicode x32

Re: Forums log me out quickly

09 Jun 2017, 03:36

It happened again after having my computer off for a few hours. The first page request tries to set a new cookie, even though the read-only phpbb3_* cookie was the same as during my earlier post. I didn't press the logout button, and even if I had, I had the entire ucp.php page blocked, so I couldn't manually log out.

I do notice that the 'remember me keys' found at https://autohotkey.com/boards/ucp.php?i ... login_keys (8 hex chars) do not match the set phpbb3_ghjir_k cookie (16 hex chars), but perhaps there's some hashing and truncating going on there. Can anybody without login problems check if those match and what size they are?

Additionally a six year old phpBB support post mentions:
a session id/key is not enough to get logged in. The IP must match to the extent defined in the ACP. Also, the browser user-agent must match (enabled by default). Additionally, you can have it check the x_forwarded_for value.
My IP doesn't change between sessions but Pale Moon tends to be creative with the user-agent, which I can look into. Although I believe Exaskryz also uses it, without issues.
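A sketch of the session binding described in the quoted support post, added here as an example (not phpBB's code and not part of the post above). The parameter names `ip_octets`, `check_ua` and `check_xff` are hypothetical stand-ins for the ACP settings, and the session data is constructed.

```python
import hmac
from dataclasses import dataclass

GUEST_ID = 1  # the thread observes user=1 in the cookie after a logout

@dataclass(frozen=True)
class StoredSession:
    sid: str
    user_id: int
    ip: str             # IPv4 address recorded at login
    user_agent: str
    forwarded_for: str = ""

def ip_prefix(ip, octets):
    """First `octets` dotted parts of an IPv4 address ('' when octets is 0)."""
    return ".".join(ip.split(".")[:octets])

def validate(stored, sid, ip, user_agent, forwarded_for="",
             ip_octets=3, check_ua=True, check_xff=False):
    """Return (user_id, reason). Any failed check downgrades the request to guest."""
    if not hmac.compare_digest(stored.sid, sid):
        return GUEST_ID, "sid"
    if ip_octets and ip_prefix(stored.ip, ip_octets) != ip_prefix(ip, ip_octets):
        return GUEST_ID, "ip"
    if check_ua and stored.user_agent.strip().lower() != user_agent.strip().lower():
        return GUEST_ID, "user-agent"
    if check_xff and stored.forwarded_for != forwarded_for:
        return GUEST_ID, "x-forwarded-for"
    return stored.user_id, "ok"

# Constructed sample session (documentation IP range, made-up browser string).
UA = "Mozilla/5.0 (Windows NT 6.3; rv:24.0) ExampleBrowser/1.0"
SESSION = StoredSession(sid="0123456789abcdef" * 2, user_id=4242,
                        ip="203.0.113.25", user_agent=UA)

if __name__ == "__main__":
    for ip, ua in [("203.0.113.99", UA), ("198.51.100.7", UA),
                   ("203.0.113.25", UA + " (compat)")]:
        print(ip, validate(SESSION, SESSION.sid, ip, ua))
```

With `ip_octets=0` a roaming client keeps its session, while a browser that alters its user-agent between requests is dropped to guest even though its SID cookie is unchanged.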
tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX
Contact:

Re: Forums log me out quickly

09 Jun 2017, 08:32

That's interesting. How did you manipulate your cookies this way?
Exaskryz
Posts: 2882
Joined: 17 Oct 2015, 20:28

Re: Forums log me out quickly

09 Jun 2017, 09:12

I do not have login problems, but here's my rundown of my setup:

I use Pale Moon 24.6.2, which hasn't been updated in years. I don't know if Pale Moon might have done anything to change the user agent in future updates. My useragent is set as ... Oh, this is interesting. I actually manually set my own useragent for autohotkey.com. I'm not sure why I did, but I might speculate that when I did try to use the user agent spoofers in the past, I needed a set value for AHK to keep me logged in.


general.useragent.override.autohotkey.com;Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko 20140610 Firefox/24.0 PaleMoon/24.6.2.
My default UA is .......................................Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20140610 Firefox/24.0 PaleMoon/24.6.2.

So there is only a difference with a / after Gecko.

Significant? I don't know.

----

I do not run any user agent spoofer or other spoofing addons, though I do have them installed (just not functioning). My active addons I could suspect doing anything are HTTPS Everywhere, Disconnect.me, Better Privacy, Adblock Plus, and Self-Destruct Cookies. The last one has been set to allow autohotkey.com.

---

I took a look at the cookies. Interestingly, the prefixed phpbb3_ are duplicated in name -- looks like the Host is what is different. One set of 3 is for autohotkey.com, and another for http://www.autohotkey.com. And this may be the clue, now that I look at the expiration dates. Here's just a rundown of all my cookies, with content values replaced with lengths.

Name: phpbb3_ghjir_u
Content: Single bit (or byte)
Host: www.autohotkey.com
Path: /
Send For: Any type of connection
Expires: Feb 23, 2018

Name: phpbb3_ghjir_k
Content: null
Host: www.autohotkey.com
Path: /
Send For: Any type of connection
Expires: Feb 23, 2018

Name: phpbb3_ghjir_sid
Content: 32-bytes
Host: www.autohotkey.com
Path: /
Send For: Any type of connection
Expires: Feb 23, 2018
(Edit: Corrected the name of the cookie below. I mistakenly had a _sid here, it should be _u.)

Name: phpbb3_ghjir_u
Content: 5 bytes, or possibly 4 bytes. The value is numeric and could be either decimal or hexadecimal. (Value is less than 65536.)
Host: autohotkey.com
Path: /
Send For: Any type of connection
Expires: June 9, 2018 ; (one year from today, and the hh:mm:ss tt also on there tells me this is set for 1 year from the time I visited today.)

Name: phpbb3_ghjir_k
Content: 16 bytes
Host: autohotkey.com
Path: / 
Send For: Any type of connection
Expires: June 9, 2018

Name: phpbb3_ghjir_sid
Content: 32 bytes
Host: autohotkey.com
Path: /
Send For: Any type of connection
Expires: June 9, 2018
Between the duplicate named cookies, their Content values are all different.

I have a number of cookies that are expired, going back as far as 2015 for expiration dates. However, here are additional cookies that are not expired:

Name: rteStatus
Content: custom string
Domain: .autohotkey.com
Path: /board/
Send For: Any type of connection
Expires: December 31, 2019

Name: _ga
Content: custom string
Domain: .autohotkey.com
Path: /
Send For: Any type of connection
Expires: September 5, 2018

Name: __cfduid
Content: 43 bytes
Domain: .autohotkey.com
Path: /
Send For: Any type of connection
Expires: October 16, 2017
Last edited by Exaskryz on 09 Jun 2017, 16:00, edited 1 time in total.
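The duplicate-named cookies listed in the post above can be checked with a small scope calculation, added here as an example that is not part of the original post. It assumes the entries shown with "Host:" are host-only cookies and those shown with "Domain:" carry a Domain attribute; values are omitted, as in the post, and the path-restricted rteStatus cookie is left out.

```python
from datetime import date

# (name, scope, host_only, expires), transcribed from the listing above.
JAR = [
    ("phpbb3_ghjir_u",   "www.autohotkey.com", True,  date(2018, 2, 23)),
    ("phpbb3_ghjir_k",   "www.autohotkey.com", True,  date(2018, 2, 23)),
    ("phpbb3_ghjir_sid", "www.autohotkey.com", True,  date(2018, 2, 23)),
    ("phpbb3_ghjir_u",   "autohotkey.com",     True,  date(2018, 6, 9)),
    ("phpbb3_ghjir_k",   "autohotkey.com",     True,  date(2018, 6, 9)),
    ("phpbb3_ghjir_sid", "autohotkey.com",     True,  date(2018, 6, 9)),
    ("_ga",              ".autohotkey.com",    False, date(2018, 9, 5)),
    ("__cfduid",         ".autohotkey.com",    False, date(2017, 10, 16)),
]

def domain_match(request_host, scope, host_only):
    """RFC 6265 matching: exact host, or a subdomain when a Domain attribute was set."""
    request_host, scope = request_host.lower(), scope.lower().lstrip(".")
    if request_host == scope:
        return True
    return (not host_only) and request_host.endswith("." + scope)

def sent_for(request_host, jar=JAR, today=date(2017, 6, 9)):
    """Map cookie name -> (scope, expires) for the unexpired cookies sent to request_host."""
    return {name: (scope, exp) for name, scope, host_only, exp in jar
            if exp >= today and domain_match(request_host, scope, host_only)}

def shadowed_names(jar=JAR):
    """Names stored under more than one scope; the server sees a different copy per host."""
    scopes = {}
    for name, scope, _, _ in jar:
        scopes.setdefault(name, set()).add(scope.lstrip("."))
    return {name: sorted(s) for name, s in scopes.items() if len(s) > 1}

if __name__ == "__main__":
    for host in ("autohotkey.com", "www.autohotkey.com"):
        print(host, sent_for(host))
    print(shadowed_names())
```

Under that assumption each hostname carries its own independent session, so a login made on one host is invisible to the board when the same pages are loaded through the other.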
Nextron
Posts: 1391
Joined: 01 Oct 2013, 08:23
Location: Netherlands OS: Win10 AHK: Unicode x32

Re: Forums log me out quickly

09 Jun 2017, 12:02

Thanks for the extensive write-up! That must have taken some time. :bravo:

I don't see anything standing out from my setup. Earlier today I also set up the general.useragent.override.autohotkey.com just to make sure, but that doesn't seem to make much difference.
I also disabled a tab from auto-reloading. This did have a significant impact. It looks like this used to keep the session alive unless the computer went in lock down (which automatically suspends the browser process, halting the refresh). Without this, the session isn't being kept alive and I've had to log in four times today. I've logged two identical requests, a few hours apart, and the first shows me logged in, the second doesn't and tries to update the cookie to guest. So that would lead me to conclude that there is a remote issue where the board doesn't link the session to my user anymore, like clicking the logout button, even though that URL is locally blocked.

On the other hand, a login using Chrome earlier today keeps me logged in even after deleting the “Remember Me” login keys from the forum's UCP, suggesting a local issue with the other browser. :wtf:

I'm having trouble making heads or tails from these observations. Right now I'm having some hope that clearing the huge “Remember Me” list makes a difference. :crazy:
TAC109
Posts: 1098
Joined: 02 Oct 2013, 19:41
Location: New Zealand

Re: Forums log me out quickly

09 Jun 2017, 16:41

Adding to my previous datapoint, I am currently on holiday, and connecting from different physical wifi locations (=different IP addresses) on my iPad using default Safari. I still don't need to re-log on at all.
nnnik
Posts: 4500
Joined: 30 Sep 2013, 01:01
Location: Germany

Re: Forums log me out quickly

10 Jun 2017, 13:27

I had to relog twice recently.
Recommends AHK Studio
Nextron
Posts: 1391
Joined: 01 Oct 2013, 08:23
Location: Netherlands OS: Win10 AHK: Unicode x32

Re: Forums log me out quickly

13 Jun 2017, 05:50

Nextron wrote: Right now I'm having some hope that clearing the huge “Remember Me” list makes a difference. :crazy:
After clearing the >50 list, I've only had to log in once (creating a new entry) over the past few days. :dance:

So based on the observations, I would think phpBB checks for (somewhat) matching user-agents and only then looks for a matching login key but only does this for the first (oldest) xx matches, thereby ignoring new entries.
That would explain why:
• Other users aren't affected (different list).
• My other browser isn't affected (list only contains a single matching user-agent).
• The problematic browser is repeatedly issued new cookies, even though the previous is still valid and unchanged (many matching user-agent entries, exceeding the number of keys checked so phpBB doesn't recognize it).
• The problem stops when clearing the list (the cookie login key is within the first xx matches again).
tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX
Contact:

Re: Forums log me out quickly

13 Jun 2017, 06:56

Thank you for the final report. It may prove useful to someone else down the road.
boiler
Posts: 16767
Joined: 21 Dec 2014, 02:44

Re: Forums log me out quickly

22 Jun 2017, 19:05

I have no problems when using my computer (using Chrome), but when using Safari on my iPad, I have to log in every time if it's been more than an hour or so since I last was on the site. This was never an issue until the time that ex-member troll kept spamming the site with a bunch of garbage and things were put in place to combat him.
tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX
Contact:

Re: Forums log me out quickly

23 Jun 2017, 17:32

Yet I did nothing with cookies or sessions at that time.