Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

7-Sep-2013 - Forum Downtime

Featured Replies

Okay, this is annoying... It has been a whole weekend without connecting to the forum server, so it should have flushed my remote session and rendered my local cookies completely invalid, that way I would know to flush my cookie stack at my end when failing all else. Has something around the forums changed about login policies due to the last update, or perhaps some attribute about the cookie that totally threw everything off a cliff, or just something else I can't see on my own? :blink: :wall:

 

I could really use some info here, as I'm hesitant to touch my cookie stack without knowing enough about what's going on... :?

 

~Mr. D. V. "Doing a double-post facedesk/facewall over this..." Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Please pardon this turning into a triple-post due to time (another 7 days) elapsed, but are the Admins still watching for bug reports and information here? I've got yet another update as I start to go completely nuts... :wacko:

 

I just flushed any cookie mentioning "member_id" and/or "pass_hash" that had a zero value, and then attempted to sign out, only to find my login status change back to logged in after restarting my browser again. The two cookies remaining that won't self-flush have a domain value of ".forum.tip.it", as well as they keep getting their lifetime reset on page travels, and the domain I'm getting on two that appear when I click to sign out have a domain of ".tip.it"... All four of these cookies have a name of "tif_member_id" or "tif_pass_hash" present on them, and it appears the server is accepting from either domain prefix/suffix. It should only take from one or the other and tell the invalid domain name form to flush, clearing the session entry on the server's table at the same time, preventing all backdoor access of accounts by unwanted third parties. As it stands, I haven't seen any recent posts that I hadn't typed as of yet, but this is worrying me to no end. :ohnoes:

 

Would any Admin versed in knowledge of this subject please post back to this thread as soon/quickly as they safely can? I'll just be face-to-desk until I hear from anyone that can help. :(

 

~D. V. "Ready to lose my mental marbles... Help, Please?!?" Devnull

 

 

 

 

(p.s.: Has this thread reached the point where part of this needs to be split into the "Forum Suggestions/Updates/Discussions" area?)

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Just letting you know @MageUK has been poked about this. He's the only wizard around here that can safely digest forum cookies. Until he responds, please try not hitting your desk too hard...

Xena_Dragon.png

  • Author

Please pardon this turning into a triple-post due to time (another 7 days) elapsed, but are the Admins still watching for bug reports and information here? I've got yet another update as I start to go completely nuts... :wacko:

 

I just flushed any cookie mentioning "member_id" and/or "pass_hash" that had a zero value, and then attempted to sign out, only to find my login status change back to logged in after restarting my browser again. The two cookies remaining that won't self-flush have a domain value of ".forum.tip.it", as well as they keep getting their lifetime reset on page travels, and the domain I'm getting on two that appear when I click to sign out have a domain of ".tip.it"... All four of these cookies have a name of "tif_member_id" or "tif_pass_hash" present on them, and it appears the server is accepting from either domain prefix/suffix. It should only take from one or the other and tell the invalid domain name form to flush, clearing the session entry on the server's table at the same time, preventing all backdoor access of accounts by unwanted third parties. As it stands, I haven't seen any recent posts that I hadn't typed as of yet, but this is worrying me to no end. :ohnoes:

 

Would any Admin versed in knowledge of this subject please post back to this thread as soon/quickly as they safely can? I'll just be face-to-desk until I hear from anyone that can help. :(

 

~D. V. "Ready to lose my mental marbles... Help, Please?!?" Devnull

 

 

 

 

(p.s.: Has this thread reached the point where part of this needs to be split into the "Forum Suggestions/Updates/Discussions" area?)

You seem oddly concerned about security for someone running a web browser that is 11 versions and 14 months out of date. That being said, I've changed the cookie name and domain to be more specific, this is going to result in everyone being logged out but should clear up any problems with these old cookies, you can delete them if you wish. The new cookies are prefixed with tifc_. As per usual, if you visit the account problem page, this will completely log you out of the forum, this is intentional and for good reason.
You seem oddly concerned about security for someone running a web browser that is 11 versions and 14 months out of date. That being said, I've changed the cookie name and domain to be more specific, this is going to result in everyone being logged out but should clear up any problems with these old cookies, you can delete them if you wish. The new cookies are prefixed with tifc_. As per usual, if you visit the account problem page, this will completely log you out of the forum, this is intentional and for good reason.

I don't have control of browser updates here, which is exactly why I'm concerned about security. As you already know, I use NoScript and ABP both, as well as a few other things to help do everything I can to prevent abuse of this old browser. :geek:

 

Anyway, I've noticed my login session bounce properly from your change to the cookie setup and flushed my cookies in response to it. Thank you for making those cookies not be a headache anymore! I'm feeling an extreme amount less nuts, finally being able to sign out once again. :thumbsup:

 

I am left with a question, however, which is that I'm wondering why the 'pass_hash'-suffixed cookie was an exact match of contents between both the old one and the newest one after the upgrade and changes? Maybe I'm crazy, but I would have thought that the hashes for everyone change after a patch to prevent sniffing and abuse? :-k

 

~D. V. "I try to keep it bolted down... Thanks! Wait, why's this?" Devnull

 

 

 

 

(Edit by post author due to lack of mental thought clarity in the second paragraph... This should be the only edit.)

Edited by D. V. Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

  • Author

Why would your pass hash change? Did you change your password? If not, it's not going to change. If someone managed to sniff your cookies you have a lot more to worry about than them getting hold of that hash.

Create an account or sign in to comment

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.