News:

SMF 2.1.2 has been released! Take it for a spin! Read more.

Main Menu

Logged in after sign up?

Started by Jade Elizabeth, August 08, 2014, 01:56:43 AM

Previous topic - Next topic

Jade Elizabeth

I've noticed after signing up even though rego is immediate I still have to log in. Can I make it so it's already logged in?
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Justyne

"Immediate" is not really intended to do that and I can't think of an easy way to make what you want happen.

Maybe having one of the integrated social login things would take care of this at least in part.
Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better.

Kindred

no jade.. it won't work.

when you finish registration, it has to write a whole bunch of stuff to the database.
Only then can you actually log in using the credentials.
Слова
Украина

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Technically there's no reason why the session couldn't then be updated once that's done, in theory. Practice may make a liar of me, however. I know there is a reason it is done that way, only I can't remember it right now. Possibly because I'm shaking because I've just done something incredibly scary.
Perhaps it would have been better if I'd simply never bothered. Y'all clearly would be less unhappy that way.

Jade Elizabeth

Quote from: ‽ on August 08, 2014, 07:32:30 AM
Technically there's no reason why the session couldn't then be updated once that's done, in theory. Practice may make a liar of me, however. I know there is a reason it is done that way, only I can't remember it right now. Possibly because I'm shaking because I've just done something incredibly scary.

What did you do?!


I've seen it on other websites and forum softwares....so I know it can happen :).
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Arantor

Just because other people did it in their site does not mean either 1) it is a good idea or 2) it can be done in SMF without significant retooling.

I know there is a reason why it was done this way in SMF. I just can't remember why, because if it was done for a good reason maybe it's worth leaving it there.

Also, I shaved my 3 years' worth of beard growth. That is not something done lightly.
Perhaps it would have been better if I'd simply never bothered. Y'all clearly would be less unhappy that way.

Ninja ZX-10RR

Hm Arantor. What if people used a disposable mail provider and other people could easily hack in each other's accounts? I think that might be the good reason.

This is because disposable email providers tend not to have security at ALL (for instance, mailinator and others), I mean, you can type in random characters and find an email from somebody, if you find the activation email and the login is automatical then you can easily hack that account, very easily. This is one of the reasons why I installed this mod (http://custom.simplemachines.org/mods/index.php?mod=1493) and spent more than 3 hours to research every disposable provider that I could find to restrict them by hand. I did it to try to protect people from their own stupidity (yeah I know that I can't stand a chance, LOL) but at least I tried :) anyway IMO the reason why you did it might be this one :)
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

Arantor

Well, that's just it, it's not a route towards cross-account hacking. It's about immediately using an existing account to create a new logged in session, and without worrying about sending out any kind of email (especially not a verification one, since the OP specifically said about immediate registration)

I would suspect it is about not creating too many extra code paths since after any other account matter like approval or reset password, you're not immediately logged in, and extra code paths introduce risk points.
Perhaps it would have been better if I'd simply never bothered. Y'all clearly would be less unhappy that way.

Jade Elizabeth

Let's say it does update the cookie after sign up, would that be simple to do?
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Arantor

Let's say there's a reason it deliberately doesn't do that.
Perhaps it would have been better if I'd simply never bothered. Y'all clearly would be less unhappy that way.

Advertisement: