Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Topic started by: nomenclator on November 10, 2013, 09:36:01 AM

Title: Timed login not working
Post by: nomenclator on November 10, 2013, 09:36:01 AM
It's working on this site that we are on now, but on the forum that I uploaded to my own web server, smf requires me to login, every time I return. Specifically, I log in, choosing forever, and then close the tab without logging out, then I go back to forum - and I'm logged out.  Or I simply open a new tab and put address of forum in address bar - and when I get there - that tab shows I'm logged out.

Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 09:45:34 AM
Never mind, i solved the problem myself.

Here is what was happening. SWF admin has its address chosen as sitename/subdir/swf/index.php. It is also accessible via subdir_alias.sitename/swf/index.php. I was opening a new tab using a bookmark that had the address subdomain.sitename/swf/index.php. In this case it showed me as being logged out. If I went to sitename/subdir/swf/index.php, swf showed me as still being logged in.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 09:59:54 AM
So the concise answer is if you use a different address to reach the forum, it won't remember that you are logged in.

So I guess there are 2 ways to fix it, leave the url that is configured for the forum as is, as sitename/subdir/swf/index.php and always go to the forum using sitename/subdir/swf/index.php or go to admin > server settings > database and paths and change forum url to subdomain.sitename/swf/index.php - and always go to the forum using that same address.

Before I make the change in admin - is that correct? And I can leave the paths to the directories, in the text boxes under the box for forum url, the same, right? I don't want to make the change in admin - and then find out that I can't log in as an administrator anymore!
Title: Re: Timed login not working
Post by: Arantor on November 10, 2013, 10:41:25 AM
Or use the correct tool for the job, which is subdomain independent cookies.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 11:25:03 AM
Oh, OK. I found the setting for "use subdomain independent cookies" using the handy search feature on the main admin page, but I'm not understanding the instruction "turn off local cookies first." A search for "local cookies" on the same search box turned up only the same page as the "use subdomain independent cookies" page.  Does the instruction mean turn off cookies in my browser? Or does that mean turn off cookies on the web server where the smf is? Or does it mean something else?

Title: Re: Timed login not working
Post by: Arantor on November 10, 2013, 11:28:16 AM
-sigh-

The option for 'local cookies' is the one DIRECTLY ABOVE subdomain independent cookies. And I don't know if you'd noticed - maybe not, because maybe it doesn't fit into your associations for icons vs meaning - but there's a liberal scattering of (?) icons around the forum which you can click on and it will provide some meaning.

Clicking on the help icon for local storage of cookies:
QuoteSMF uses cookies to store login information on the client computer. Cookies can be stored globally (myserver.com) or locally (myserver.com/path/to/forum).
Check this option if you're experiencing problems with users getting logged out automatically.


Globally stored cookies are less secure when used on a shared webserver (like Tripod).


Local cookies don't work outside the forum folder so, if your forum is stored at www.myserver.com/forum, pages like www.myserver.com/index.php cannot access the account information. Especially when using SSI.php, global cookies are recommended.

So you want that option unticked (which it is by default anyway), and subdomain independent cookies on.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 12:17:25 PM
OK, I see the option. I missed it because it said "local storage of cookies" and I was looking for "local cookies." It didn't occur to me that "local cookies" referred to "local storage - of cookies."

And we've got  more comprehensive control of timed logins now.

I've know about the question marks you were referring to. Although it is true that sometimes I forget that they are clickable icons, and forget to click on them, since they look so much like text and don't have a lot of indication that they are links, other than the fact that the pointer changes when you mouseover them.

I did find the one you posted to be confusing. My understanding has long been limited to the idea that cookies are something that are stored on the client computer (by the browser), and the first sentence seems to support that idea when it says smf uses cookies to store login info on the client computer. I'm assuming that the login information is stored - in the form of a cookie placed on the client computer.

But then the next sentence says "cookies can be stored globally (myserver.com) or locally (myserver.com/path/to/forum)" and at that point I got completely confused. It seems to be talking about storing cookies on the server.  So except for the next sentence "check this option if..." I was not able to understand the remainder of the help box.

I suppose I'll have to go find more information about how servers place cookies on clients, before I understand what storing cookies on servers has to do with that.

Title: Re: Timed login not working
Post by: Arantor on November 10, 2013, 12:22:15 PM
QuoteI'm assuming that the login information is stored - in the form of a cookie placed on the client computer.

Correct. The difference is in the scope of the cookie. Some cookies can be domain-wide (anywhere on example.com), tied to a subdomain only (www.example.com has different cookies to www2.example.com), or tied within a path (example.com vs example.com/path/)

While there are more permutations than supported by SMF, in general the correct combination tends to be local off/subdomain independent on.

It's not talking about storing cookies on the server, it's talking about what relevance the cookie has with regards to the server, if that makes sense.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 08:57:20 PM
The use subdomain independent cookies setting isn't working though. If I set it that way, and log in forever, at website.info/subdir/smf, if I open another tab at subdomain.website.info/smf - I'm not logged it.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 09:06:49 PM
Hmmm - i tried it again - an now its not letting me log in at all. Says I have the wrong password or says i've reached by 30-second retry limit. Same thing no matter which of the 2 addresses I use.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 09:17:25 PM
I was able to log in using a different browser. I suppose I could have tried clearing the cookies from the first browser and see if that helped. But I changed it back to having use subdomain independent cookies unchecked as I don't have time to fiddle with it now.
Title: Re: Timed login not working
Post by: Arantor on November 10, 2013, 09:20:46 PM
And trying to use it in a strange manner really isn't going to help you. You're supposed to use it from one of the two URLs, not both. Your forum will be hit by penalties from Google if you try to use both, pick one and stick with it.

The only reason you actually have two is because subdomains being mapped to a folder of your hosting area is a typical "quick and easy" configuration, as opposed to actually separating subdomains properly.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 09:47:29 PM
Quote from: Arantor on November 10, 2013, 09:20:46 PM
And trying to use it in a strange manner really isn't going to help you. You're supposed to use it from one of the two URLs, not both. Your forum will be hit by penalties from Google if you try to use both, pick one and stick with it.

The only reason you actually have two is because subdomains being mapped to a folder of your hosting area is a typical "quick and easy" configuration, as opposed to actually separating subdomains properly.

I don't know what you're trying to say. The only way I'm aware of to make a subdomain at my web hosting company is to use cPanel to configure a subdirectory to have an alias as a subdomain.

How else would I make a subdomain? What do you mean by "strange manner"? Use what from one of 2 url's. You just said "it." I don't know what "it" is referring to. I have robot.txt configured to tell robots not to scan this particular area. What kind of "penalty" are you referring to, though? As I have other web sites where pages can be reached either way, although I usually link to them only as subdomains, in order to simplify my work.
Title: Re: Timed login not working
Post by: Arantor on November 10, 2013, 09:50:57 PM
QuoteI don't know what you're trying to say. The only way I'm aware of to make a subdomain at my web hosting company is to use cPanel to configure a subdirectory to have an alias as a subdomain.

Yes, that's how it normally works. The point is you're not supposed to be using BOTH AT THE SAME TIME. Pick which one you want to use and stick with it rather than trying to make both work.

Just because it physically resides there doesn't mean you have to actually USE it.

sub.domain.com/ is perfectly fine, you don't have to make both sub.domain.com and domain.com/sub both work and you certainly shouldn't be trying to interchange between them. Even if the files live in domain.com/sub you do not actually have to use this.

The penalty I'm referring to is the fact that Google will consider one a duplicate of the other and potentially blacklist it.

QuoteI have robot.txt configured to tell robots not to scan this particular area.

So why are you futzing around trying to make it work then? Pick one of the two schemes and stick with it instead of going all out to make life as complicated as possible for yourself.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 10:02:37 PM
I wasn't futzing around trying to make it work until you gave me the idea. I had "use subdomain independent cookies" unchecked, and I had "enable local storage of cookies" checked - the default configuration. I had decided to set things up to use only the subdomain. Then you suggested that I "Or use the correct tool for the job, which is subdomain independent cookies" and I started asking about that. Then I was just trying it out to see if I log in at one address and still be logged in at the other, after I configured my swf to "use subdomain independent cookies" but I couldn't. I wouldn't have bothered if you hadn't said to use subdomain independent cookies - instead of logging in only using the subdomain.
Title: Re: Timed login not working
Post by: Arantor on November 10, 2013, 10:05:28 PM
No, you asked how to make it work. The normal solution is to use that, because it specifically extends the scope of cookies across the domain and up out of the forum folder so it should work.

I wish I hadn't tried to give you the answer you asked for and should have just told you up front not to go there, would have saved both of us frustration.

In future, I will defer answering your questions to the support team, as I'm really not patient enough to help you.
Title: Re: Timed login not working
Post by: nomenclator on November 10, 2013, 10:21:05 PM
Arantor, again you are using pronouns without being clear about what they refer to. You just said "no, you asked how to make it work" (emphasis mine). I asked about making a lot of things work. So if you say I asked how to make "it" work, I don't know which of them you are referring to. Before you gave me the advice to use subdoman independent cookies, I had already said that I had things working fine - those things being accessing the message board using only the subdomain and logging in using only the subdomain, instead of accessing the message board and logging in from both the subdomain and the and the subdir alias. I did not have any more questions. Then you volunteered that the right way to do things ("the correct tool for the job") was to use subdomain independent cookies - so i figured you meant i didn't have to bother doing things the way I was doing them, logging in using only the subdomain, and I should solve the problem of not remaining logged in, the right way - by using subdomain independent cookies instead of sticking to one domain. To me, you seem to be contradicting yourself, as later you say stick to using just the subdomain - which is exactly what I said I was doing originally.

I don't know why you are making a big deal about these communications trying your patience. I have been perfectly happy with most of your answers, even if sometimes some of them didn't make sense to me. I don't expect people to be perfect. I don't know any other way to learn other than by exercising patience and persistance. Without patience and persistance, which are both difficult to do - doing them can be trying - I would have learned very little of what I have learned.

Personally, when I know things that someone else is trying to learn from me, I enjoy explaining it as slowly, clearly, and precisely, as they need me to do, and no slower. I find that learning tries my patience way more than teaching tries my patience. I enjoy making learning less trying for people, than it would have been without my help. From learning, and helping others learn, I get a feeling of accomplishment that I like. I don't understand this "I'm not patient enough" concept.