[BUG][SMF 2.1 Alpha]Login flood + session

Started by qICEp, September 22, 2013, 01:01:17 PM

qICEp

There is a bug with session and login flood protection.

If you enter a wrong password and send the login request again in less than 2-3 seconds, you will get this error:
"You will have to wait about 2 seconds to login again, sorry."
And a button below will say "Back".

When you click back you will get another error:
"Your session timed out while posting. Please go back and try again."
When you get this error, the "Back" button just leads you to the same error again and again... until you actually reload the page.
By the way, if you pay attention to the error you will notice that it makes no sense at all, cos we were at the login page and not posting anything (except an HTTP request...)

Arantor

Well, the back button aspect has been a problem for years - it's a standard back button on every error page.

Secondly, it's a generic error message of which the most frequent case is posting.

Lastly, fairly sure this is not just specific to 2.1...

Oldiesmann

The back button is doing exactly what it's supposed to - going back to the previous page (action=login2). The same thing would happen if you hit the back button in your browser. Because this isn't something 99% of users would even notice, I don't think it's worth fixing.
Michael Eshom
Christian Metal Fans

Arantor

I disagree, I think it should be fixed. A situation where the user presses an option presented to them gives them an error? They shouldn't be given the option in the first place. We can't fix them pressing the back button in their browser but all bets are off in that situation anyway. On the other hand, we *can* fix this.

Kindred

I agree - the simple, easy, straightforward fix is to remove the BACK link from our text.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Note that that will affect every fatal error message, of which most of them are perfectly fine to leave the back link in them.

Kindred


qICEp

1. Actually I'm sure this is only with 2.1, the back button worked kinda fine on 2.0.5 (I had to press it twice)
2. Removing the BACK link/button is not a solution, but ignoring the error is an even worse scenario...
3. If it's a minor bug it does not mean it's not worth fixing, it's still a bug even if it's the smallest one...

ziycon

Is it possible/much work to catch the session timeout (or whatever error is thrown) and present a login page instead of an error message?

shawnb61

Closing old 2.0 bugs - 2.0 is in security fixes-only at this point.
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp