• Welcome to Simple Machines Community Forum. Please login or sign up.
November 29, 2021, 11:14:07 AM

News:

Want to get involved in developing SMF, then why not lend a hand on our github!


[BUG][SMF 2.1 Alpha]Login flood + session

Started by qICEp, September 22, 2013, 01:01:17 PM

Previous topic - Next topic

qICEp

There is a bug with session and login flood protection

If you enter wrong password, and you send login request again but in less than a 2-3 seconds you will get these error:
You will have to wait about 2 seconds to login again, sorry.
And a button below will say "Back"

When you click back you will get another error:
Your session timed out while posting. Please go back and try again.
When you get these error the "Back" button just lead you to the same error again and again...Until you actually reload page.
By the way, if you pay attention to error you will notice that it have no sense at all cos we were at login page and not posting anything (except http request...)

Arantor

Well, the back button aspect has been a problem for years - it's a standard back button on every error page.

Secondly, it's a generic error message of which the most frequent case is posting.

Lastly, fairly sure this is not just specific to 2.1...
No good deed goes unpunished
All helpful urges should be circumvented

Oldiesmann

The back button is doing exactly what it's supposed to - going back to the previous page (action=login2). The same thing would happen if you hit the back button in your browser. Because this isn't something 99% of users would even notice, I don't think it's worth fixing.
Michael Eshom
Cincy Space - now open!

Arantor

I disagree, I think it should be fixed. A situation where the user presses an option presented to them gives them an error? They shouldn't be given the option in the first place. We can't fix them pressing the back button in their browser but all bets are off in that situation anyway. On the other hand, we *can* fix this.
No good deed goes unpunished
All helpful urges should be circumvented

Kindred

I agree - the simple, easy, straight forward fix is to remove the BACK link from our text.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Note that that will affect every fatal error message, of which most of them are perfectly fine to leave the back link in them.
No good deed goes unpunished
All helpful urges should be circumvented

Kindred

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

qICEp

1. Actually im sure these is only with 2.1, back button worked kinda fine on 2.0.5 (I had to press it twice)
2. Removing BACK link/button is not a solution but ignoring error is even worse scenario...
3. If its a minor bug it does not mean its not worth fixing, its still a bug even if its the smallest one...

ziycon

Is it possible/much work to catch the session time(or whatever error is thrown) out and present a login page instead of an error message?

Advertisement: