Auto Logout ~5 Minutes?

Issues with this Forum? Post them here
Post Reply
aluxe
Posts: 16
Joined: 29 May 2018 18:41

Auto Logout ~5 Minutes?

Post by aluxe »

I've been browsing the board, replying, and creating new threads. Roughly, every few minutes it just logs me out.
Can this be raised to 5 minutes of inactivity?
I2P-Bote: 4luxHKWOei7if0lnhaE54aFjkuqgXCFPzn4~KR~qbWE65wfVLbXrDR2O-LvugDzA35hgDeFUDrZ0GnRreBg83m
echelon
Posts: 263
Joined: 10 Feb 2018 13:36

Re: Auto Logout ~5 Minutes?

Post by echelon »

hey

the timeout is currently 30 min, wonder why you are logged out before.
Currently we cannot find the point in which this 30 min timeout is extended, as all known tips & tricks failed.
Current hack around is to save user/password in browser password store and login automaticly with that.

echelon
User avatar
lgillis
Posts: 144
Joined: 20 Oct 2018 12:52

Re: Auto Logout ~5 Minutes?

Post by lgillis »

I come here via I2P and basically get logged out after a few minutes. Even while writing the posts! My web browser has the same session ID and the forum cookies after all, I don't get it.
Spring https://www.youtube.com/playlist?list=PLF-q-IGQQb1uK7fYuaQiRpcORDSmfsY2n
anikey
Posts: 32
Joined: 30 Nov 2023 20:08

Re: Auto Logout ~5 Minutes?

Post by anikey »

It might be that this forum is hosted on multiple servers. Why i think this:

If you log in with "Remember me" multiple times (from within i2p, not clearnet), and then look at the "Manage "Remember Me" login keys" in user-control-panel -> profile, you might see different IP addresses listed near different keys, or at least that is how it went for me (i checked on ipinfo, they both belonged to i2p project, maybe that's where the tunnel-from-i2p-into-this-forum is hosted, ie in multiple servers).

Now my guess is that you get connected to different servers, each of them might not know about your login, and ask login again.

Another thing i noticed: sometimes when i get "auto-logged-out", it stays logged out, but if i refresh page, it might log back in. Also i noticed that i might be logged in in one tab, but logged out in another tab - this might be related to the "sid" url parameter.

(please note that this is my theory, might not be really what is happening, i dont actually know how i2pforum is hosted)

Edit: another thing i noticed is that if i open (not even log in, just open) the clearnet site (i2pforum.net), it sets some phpbb cookies, but if i open the i2p version (i2pforum.i2p), it does not set cookies at all (checked with browser dev tools).
anikey
Posts: 32
Joined: 30 Nov 2023 20:08

Re: Auto Logout ~5 Minutes?

Post by anikey »

I've also noticed that i2pforum.i2p does not set cookies. (Side note: there is this other phpbb forum discuss.i2p that has cookies, so it's possible).

After looking in the browser devtools, I notice that i2pforum does indeed try to set cookies, but it does not work because it tells to set them for the domain i2pforum.net, NOT i2pforum.i2p. Maybe the problem is that? Maybe try to fix the server to send cookie for i2pforum.i2p if it's accessed through i2p?
anikey
Posts: 32
Joined: 30 Nov 2023 20:08

Possible solution to the logout problem?

Post by anikey »

Here i will provide a summary of my last two posts.

Here is a list of problems that might influence the auto-log-out thing:

1) Server sets cookies incorrectly.
If you open http://i2pforum.i2p/index.php and see devtools request response info in network tab, you will see that:
(a) the cookies are for the domain i2pforum.net - wrong domain
(b) the cookies are marked as 'secure' - which is not good because it will only be sent over https, which is not applicable to i2p, so the cookie won't be sent at all.
It seems like the site is just proxied from clearnet. In that case i'd recommend somehow trying to rewrite the Set-Cookie http headers in responses, so that they are not marked 'secure' and set for the correct domain (i2pforum.i2p)

2) Server is multihomed?
Now the second thing that i have on mind is that this site (i2pforum.i2p) is a multihomed proxy to the clearnet site. How do i know that? I enabled 'Remember Me' when logging in sometimes, and then saw on the 'remember me keys' tab in user control panel that there are some IP addresses listed (exactly two), which all belong to i2p project.
This is just a guess, but maybe logout happens when the client chooses to connect to a different server(from the multihomed ones) than the one connected before.
If you do not manage to fix the cookie problem, you can (i guess) just remove the multihoming, and instead host i2pforum.i2p on only one of the servers.
anikey
Posts: 32
Joined: 30 Nov 2023 20:08

Re: Auto Logout ~5 Minutes?

Post by anikey »

I think admins should just try to modify the server so that when it sends the cookies, it does not set the domain on them (and probably not set the 'secure' setting either)

Browser discards cookies not meant for i2pforum.i2p. i think.
Titus
Posts: 4
Joined: 28 Dec 2021 16:17

Re: Auto Logout ~5 Minutes?

Post by Titus »

yea, seams to be a bug that prevents cookies being set, current workaround is maybe using a tab with active auto reload addon on an url with sid=...
Post Reply