    •  
      CommentAuthor3stripe
    • CommentTimeJan 17th 2006
     # 1
    This is starting to do my nut in a wee bit. Is there any way to avoid the constant re-logging in process?
  1.  # 2
    Bring your cookies with you.

    =P
    •  
      CommentAuthorc-unit
    • CommentTimeJan 17th 2006
     # 3
    Grill me a hamburger, and the problem will fix itself.

    Eh, I have no clue, I've never encountered programs of logging me out on one computer, from signing in on another computer, just Vanilla.
    •  
      CommentAuthor3stripe
    • CommentTimeJan 17th 2006 edited
     # 4
    •  
      CommentAuthorgiginger
    • CommentTimeJan 17th 2006
     # 5
    It's a problem I have too. I think Mark said he set it up that way for security.
    •  
      CommentAuthor3stripe
    • CommentTimeJan 17th 2006
     # 6
    To hell with security, I gotta get my rambling done!
    •  
      CommentAuthorgiginger
    • CommentTimeJan 17th 2006
     # 7
    In theory it causes me to lose 2 seconds of work..... :P
    •  
      CommentAuthor3stripe
    • CommentTimeJan 17th 2006 edited
     # 8
    2 seconds at home + 2 seconds at work = 4 seconds a day = 24+ minutes a year spent logging into Vanilla :-(
  2.  # 9
    it's for security. Quit your whining. You have the quick sign in now!
    •  
      CommentAuthorBergamot
    • CommentTimeJan 18th 2006 edited
     # 10
    it's for security
    How, exactly?

    In the course of the average day I use three different computers, and I would like to be automatically signed in at all three. Judging by the IP address histories of my users, that is not an abnormal request.

    In theory it causes me to lose 2 seconds of work..... :P
    The issue is not the time; the issue is that it's an unnecessary hassle, and unnecessary hassles exist to be destroyed.

    You have the quick sign in now!
    Half the time I don't even notice it's there, and get an angry error message yelling at me for not signing in.
  3.  # 11
    well if you used it once your browser should store the password and then you wouldn't even need to notice it was there.
    Security isn't my forte but the idea is that your cookies have a verification key in them which has to match up with the key in the database. That way if anyone ever gets hold of your cookies or whatever, chances are the verification key will have changed and they won't be able to get access. At least I think that's the theory.
    •  
      CommentAuthorBergamot
    • CommentTimeJan 18th 2006
     # 12
    Theoretically, yes. In reality, not usually.

    And I have no problem with cookies expiring, but the time span should be a few days at least, and probably more like a week.
  4.  # 13
    Last I checked, the timespan is a year. There have been issues with cookies on 0.9.2 but I think they're meant to be sorted. I'm sure if you can pinpoint anything Mark would love to hear about it.
    • CommentAuthortimberford
    • CommentTimeJan 18th 2006
     # 14
    I wish I didn't have to keep logging in and my users are saying the same.
    •  
      CommentAuthorMark
    • CommentTimeJan 18th 2006
     # 15
    I know this is a common request, but I'm not changing my authenticator.

    I made the authenticator so you guys could code your own and plug it in there easily enough. If you want to, please feel free.

    If someone comes up with a method that I think is better (more secure) than mine, I'd be happy to replace mine.
    •  
      CommentAuthorgiginger
    • CommentTimeJan 18th 2006
     # 16
    Biometrics?
  5.  # 17
    I can't for the life of me find my fingerprint reader, most frustrating.
    •  
      CommentAuthorjsanders
    • CommentTimeJan 18th 2006
     # 18
    never ever let anyone tell you that biometrics are the way of the future. it's a terrible method to authenticate if someone is who they say they are, because...

    what if you lose your finger? (or - what if you melt your fingerprint?)
    what if someone manages to duplicate your finger? how do you change your password?
    •  
      CommentAuthorBergamot
    • CommentTimeJan 18th 2006
     # 19
    Mark: I'm just not sure why logging in on my laptop should have any effect at all on whether my desktop machine is still logged in.
  6.  # 20
    if you lose 4 fingers on each hand (my software stores up to 4 of each, presumably little finger is too small) then chances are you don't really have much use for whatever it is you're authenticating into and have bigger worries.
    •  
      CommentAuthorjsanders
    • CommentTimeJan 18th 2006
     # 21
    mini... granted... but the more important argument was the second one, anyway.

    so there.
  7.  # 22
    well if someone can be bothered to duplicate my fingerprint then they're welcome to my secret stash of porn.
  8.  # 23

    If someone comes up with a method that I think is better (more secure) than mine, I'd be happy to replace mine.


    Here is how I would make a secure login cookie:

    Grab the user ID and a bunch of random characters then concatenate them with a dividing character, like "|". For example, "5|993ufbnv3fiw9u4g4". Then md5() that and set it as a cookie. Over in the database, users table of course, make a new field called cookie or auth or whatever. In this field, put the md5'd value AND the user's host name. If the md5 hash happens to be 32 0's, it will be "00000000000000000000000000000000myhost.com".

    Now, when the user starts a session, this will be your query (assuming $cookie is the cookie contents and $host is the user's hostname): SELECT * FROM users WHERE auth = '$cookie$host'

    If that returns a row, then the user has resumed their session. You'd then change the random characters, reset the cookie and update the database with the new random string (along with last login time, last IP, etc).

    This means a user from another ISP can't simply copy the cookie value and be logged in. And if they log in from another location, the random string has changed and the first location is no longer logged in (assuming they don't have an active session).
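The scheme proposed in the post above, reworked as an added example (not part of the original thread and not Vanilla's authenticator): each device gets its own random token, only a SHA-256 hash of it is stored, the lookup binds the cookie as a parameter instead of interpolating it into the SQL string, and the token rotates on every use. It is written in Python with sqlite3 so it runs stand-alone; the `auth_tokens` table, the function names and the one-week lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TTL = 7 * 24 * 3600  # assumed lifetime: one week

def open_db():
    # Autocommit in-memory database standing in for the forum's users database.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE auth_tokens (selector TEXT PRIMARY KEY, "
               "validator_hash TEXT NOT NULL, user_id INTEGER NOT NULL, "
               "expires REAL NOT NULL)")
    return db

def _digest(validator):
    return hashlib.sha256(validator.encode()).hexdigest()

def issue_token(db, user_id, selector=None, now=None):
    """Create (or rotate) one device's token and return the cookie value."""
    now = time.time() if now is None else now
    selector = selector or secrets.token_hex(8)   # public row lookup key
    validator = secrets.token_hex(32)             # secret; only its hash is stored
    db.execute("INSERT OR REPLACE INTO auth_tokens VALUES (?, ?, ?, ?)",
               (selector, _digest(validator), user_id, now + TTL))
    return f"{selector}:{validator}"

def resume_session(db, cookie, now=None):
    """Return (user_id, rotated_cookie) for a valid cookie, else None."""
    now = time.time() if now is None else now
    selector, sep, validator = cookie.partition(":")
    if not sep:
        return None
    row = db.execute("SELECT validator_hash, user_id, expires FROM auth_tokens "
                     "WHERE selector = ?", (selector,)).fetchone()
    if row is None:
        return None
    stored_hash, user_id, expires = row
    if expires < now:
        db.execute("DELETE FROM auth_tokens WHERE selector = ?", (selector,))
        return None
    if not hmac.compare_digest(stored_hash, _digest(validator)):
        # Known selector with a wrong or rotated-out validator: treat it as a
        # copied cookie and revoke every device token for this user.
        db.execute("DELETE FROM auth_tokens WHERE user_id = ?", (user_id,))
        return None
    return user_id, issue_token(db, user_id, selector, now)
```

Because each device has its own row, signing in on a laptop leaves the desktop's cookie valid, while presenting a rotated-out cookie logs the user out everywhere.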
    •  
      CommentAuthorjsanders
    • CommentTimeJan 18th 2006
     # 24
    but this still doesn't resolve the complaints about having to log in at work and at home, right? unless you work at home, that is
  9.  # 25
    I would rather know that my account is secure rather than not having to type my username/password within three seconds each time I move locations.
    •  
      CommentAuthorMark
    • CommentTimeJan 18th 2006 edited
     # 26
    Cookies can get hijacked very easily with xss attacks (or even packet sniffers). Which is why I've made mine such a pain in the ass. If I was really really paranoid, I'd take it a step further and change and reset the cookies (and the referenced db value) on every page load.

    I've had sites get hacked by cookies before, and I'm not planning on reliving that feeling.

    I'm sure a security expert will come along with some amazingly simple and awesome way to make remembery cookies secure. Until that day comes, I'm content with what I've got.

    I'm sure that one of you will come up with a less secure method that doesn't annoy you all so much, and you can install that on your forums and live happily ever after (I hope).
    •  
      CommentAuthorlech
    • CommentTimeJan 19th 2006
     # 27
    lech authenticates via stubs
    •  
      CommentAuthor3stripe
    • CommentTimeJan 19th 2006 edited
     # 28
    3stripe sets up a 3stripe@work account
    • CommentAuthorithcy
    • CommentTimeJan 19th 2006
     # 29
    remembery... hehe
    •  
      CommentAuthorblizeH
    • CommentTimeJan 26th 2006
     # 30
    Yeah, maybe just an option from the control panel regarding whether or not we use multiple computers? Just an idea :)