Jump to content

7-Sep-2013 - Forum Downtime


Recommended Posts

Okay, this is annoying... It has been a whole weekend without connecting to the forum server, so it should have flushed my remote session and rendered my local cookies completely invalid, that way I would know to flush my cookie stack at my end when failing all else. Has something around the forums changed about login policies due to the last update, or perhaps some attribute about the cookie that totally threw everything off a cliff, or just something else I can't see on my own? :blink: :wall:

 

I could really use some info here, as I'm hesitant to touch my cookie stack without knowing enough about what's going on... :?

 

~Mr. D. V. "Doing a double-post facedesk/facewall over this..." Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites

Please pardon this turning into a triple-post due to time (another 7 days) elapsed, but are the Admins still watching for bug reports and information here? I've got yet another update as I start to go completely nuts... :wacko:

 

I just flushed any cookie mentioning "member_id" and/or "pass_hash" that had a zero value, and then attempted to sign out, only to find my login status change back to logged in after restarting my browser again. The two cookies remaining that won't self-flush have a domain value of ".forum.tip.it", as well as they keep getting their lifetime reset on page travels, and the domain I'm getting on two that appear when I click to sign out have a domain of ".tip.it"... All four of these cookies have a name of "tif_member_id" or "tif_pass_hash" present on them, and it appears the server is accepting from either domain prefix/suffix. It should only take from one or the other and tell the invalid domain name form to flush, clearing the session entry on the server's table at the same time, preventing all backdoor access of accounts by unwanted third parties. As it stands, I haven't seen any recent posts that I hadn't typed as of yet, but this is worrying me to no end. :ohnoes:

 

Would any Admin versed in knowledge of this subject please post back to this thread as soon/quickly as they safely can? I'll just be face-to-desk until I hear from anyone that can help. :(

 

~D. V. "Ready to lose my mental marbles... Help, Please?!?" Devnull

 

 

 

 

(p.s.: Has this thread reached the point where part of this needs to be split into the "Forum Suggestions/Updates/Discussions" area?)

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites

Please pardon this turning into a triple-post due to time (another 7 days) elapsed, but are the Admins still watching for bug reports and information here? I've got yet another update as I start to go completely nuts... :wacko:

 

I just flushed any cookie mentioning "member_id" and/or "pass_hash" that had a zero value, and then attempted to sign out, only to find my login status change back to logged in after restarting my browser again. The two cookies remaining that won't self-flush have a domain value of ".forum.tip.it", as well as they keep getting their lifetime reset on page travels, and the domain I'm getting on two that appear when I click to sign out have a domain of ".tip.it"... All four of these cookies have a name of "tif_member_id" or "tif_pass_hash" present on them, and it appears the server is accepting from either domain prefix/suffix. It should only take from one or the other and tell the invalid domain name form to flush, clearing the session entry on the server's table at the same time, preventing all backdoor access of accounts by unwanted third parties. As it stands, I haven't seen any recent posts that I hadn't typed as of yet, but this is worrying me to no end. :ohnoes:

 

Would any Admin versed in knowledge of this subject please post back to this thread as soon/quickly as they safely can? I'll just be face-to-desk until I hear from anyone that can help. :(

 

~D. V. "Ready to lose my mental marbles... Help, Please?!?" Devnull

 

 

 

 

(p.s.: Has this thread reached the point where part of this needs to be split into the "Forum Suggestions/Updates/Discussions" area?)

You seem oddly concerned about security for someone running a web browser that is 11 versions and 14 months out of date. That being said, I've changed the cookie name and domain to be more specific, this is going to result in everyone being logged out but should clear up any problems with these old cookies, you can delete them if you wish. The new cookies are prefixed with tifc_. As per usual, if you visit the account problem page, this will completely log you out of the forum, this is intentional and for good reason.
  • Like 2
Link to comment
Share on other sites

You seem oddly concerned about security for someone running a web browser that is 11 versions and 14 months out of date. That being said, I've changed the cookie name and domain to be more specific, this is going to result in everyone being logged out but should clear up any problems with these old cookies, you can delete them if you wish. The new cookies are prefixed with tifc_. As per usual, if you visit the account problem page, this will completely log you out of the forum, this is intentional and for good reason.

I don't have control of browser updates here, which is exactly why I'm concerned about security. As you already know, I use NoScript and ABP both, as well as a few other things to help do everything I can to prevent abuse of this old browser. :geek:

 

Anyway, I've noticed my login session bounce properly from your change to the cookie setup and flushed my cookies in response to it. Thank you for making those cookies not be a headache anymore! I'm feeling an extreme amount less nuts, finally being able to sign out once again. :thumbsup:

 

I am left with a question, however, which is that I'm wondering why the 'pass_hash'-suffixed cookie was an exact match of contents between both the old one and the newest one after the upgrade and changes? Maybe I'm crazy, but I would have thought that the hashes for everyone change after a patch to prevent sniffing and abuse? :-k

 

~D. V. "I try to keep it bolted down... Thanks! Wait, why's this?" Devnull

 

 

 

 

(Edit by post author due to lack of mental thought clarity in the second paragraph... This should be the only edit.)

Edited by D. V. Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites

Why would your pass hash change? Did you change your password? If not, it's not going to change. If someone managed to sniff your cookies you have a lot more to worry about than them getting hold of that hash.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.