Users having to login twice?

[Kobytoo]

I have this same problem using any browser and any device and any OS. I also looked at the old solution but that procedure didn't exists where specified. Also, my session bits are set to 5 and not 6 as claimed to be the issue.

I use SMF 2.011 and this is just one of two persistent problems users get when logging in. This one, where about 25% to 30% of the time you get told your credentials are wrong when they aren't and a second attempt works. The other is a malformed redirect after login but that's in another topic I posted. No replies to that yet.

[nend]

This is just a suggestion, check to see if they are logging in via the www.site.com, subdomain.site.com or site.com. Compare this to your forum URL in the server settings. If it is different then check your cookie settings. If this is the case and you own the domain then consider enabling subdomain independent cookies.

If not then have a look at the form, the quick login forms for various themes and portals are bad about this. If it is the quick login then you may want to disable it and just use the main login.

[Kindred]

exactly what nend said...

note that www.site.com is actually a different subdomain from site.com -- and although SMF tries to correct that, some servers are less forgiving.

the way around this is
a) as nend says: enable subdomain independent cookies
b) add some lines to your htaccess file which FORCES anyone hitting the incorrect URL to bounce to the correct URL.

[Kobytoo]

This is just a suggestion, check to see if they are logging in via the www.site.com [nofollow], subdomain.site.com [nofollow] or site.com [nofollow]. Compare this to your forum URL in the server settings. If it is different then check your cookie settings. If this is the case and you own the domain then consider enabling subdomain independent cookies.

If not then have a look at the form, the quick login forms for various themes and portals are bad about this. If it is the quick login then you may want to disable it and just use the main login.

This isn't caused by subdomain issues. I've tested this extensively in the couple of months I've been looking after this forum. The forum url is correct and the address I am using to access the site is the same, without question. It doesn't happen on every login though.

[Kindred]

well, what are your cookie settings in smf admin>server settings?

[Kobytoo]

well, what are your cookie settings in smf admin>server settings?

Cookie default length 60
Enable local storage off
Use subdomain independent cookies off
Use database driven sessions off (this was on until about an hour ago when I thought I'd see if it made a difference)
Allow browsers to go back to cached pages on
Seconds before unused session timeout 2400

To confirm, this has been an issue for many months, if not years. I only took ownership of this recently but users tell me it's always been an issue.

[Illori]

topic split off the other topic, please start your own topics so we can make sure each user gets their issue resolved.

[Kindred]

try turning ON subdomain independent cookies and turn ON database driven sessions

[Kobytoo]

I don't use a subdomain however, I did try that a week back and it made no difference. As I said in my post, database sessions has always been on until shortly before I wrote my last message. Therefore, it would have been on when I turned on the subdomain independent cookies.

I don't know if this an appropriate time but I am wondering if there is a connection between a malformed redirect issue I have too. Users either log on correctly or, with the same credentials, get told the password is wrong or, the other option is where they enter their credentials but get taken to a page saying the page they are looking for can't be found. However, if you then click a bookmark for the forum you will find you have indeed been logged on. In the case of the latter the url after login is malformed; in place of ?action=forum which it generally has, it will have /action=forum. I mention it in case it's indicative of some other issue.

[Kobytoo]

topic split off the other topic, please start your own topics so we can make sure each user gets their issue resolved.

Thank you for that and I apologise. I didn't mean to hijack another topic.

[Kindred]

that sounds like maybe one of the prettyurls mods was not completely uninstalled...

check your htaccess file...
(and yes, they could be related)

[Kobytoo]

Could you point me further in the right direction? I'm not certain what I should be looking for in the .htaccess file and also, which one. I don't have one in the forum directory but the sub folders have one preventing listing I think.

Should there be one in the forum directory too?

Incidentally, I haven't experienced one failed login attempt since turning off database sessions in the cookie management section. It's early days but I would have expected to have experienced a couple by now because I've been login on an off frequently and using different browsers.

PS Just been told by a user that he had to log in twice so just a fluke for me I guess.

[Zwerko]

Hi. Just to jump in, I have exactly the same problem, so it's not insolated. I have turned ON subdomain independent cookies and database driven sessions like Kindred sugsested but now I can't access my forum (opened new topic )

[a10]

Maybe related, after changing host some years ago, had strange problems with www \ non-www and logins, here's what works on my forum\host:

Enable local storage of cookies on
Use subdomain independent cookies off
Use database driven sessions on

.htaccess:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^domainname.com
RewriteRule (.*) http://www.domainname.com/$1 [R=301,L]

[Kobytoo]

Hi. Just to jump in, I have exactly the same problem, so it's not insolated. I have turned ON subdomain independent cookies and database driven sessions like Kindred sugsested but now I can't access my forum (opened new topic )

I had a similar experience. I kept getting told to check my cookies. Luckily, I had another computer which allowed me to log in so I suspect if you delete your cookie for your website you may be allowed in. Please let me know if you resolve your issue.

[Kobytoo]

Maybe related, after changing host some years ago, had strange problems with www \ non-www and logins, here's what works on my forum\host:

Okay but, bear in mind, I am able to replicate this over and over most of the time. I know I'm consistently using the same url without www. With this in mind, are your recommendations still pertinent?

Is it possible that you could explain your .htaccess suggestions? I don't have a .htaccess file in my forum directory, only the subdirectories. Should there be one and if so, maybe this is the simple problem.

[a10]

^^^ the htaccess rewrites any and all url used to access the forum to www., and all 'internals' in the forum are strictly set to www., used repair_settings.php afaikr. From then on (many years ago) things just worked, no more complaints from members about access\consistency\login problems :O)

Don't know if this applies to the subject of this topic, but could be worth investigating (or eliminating as a cause).

[Zwerko]

Hi. Just to jump in, I have exactly the same problem, so it's not insolated. I have turned ON subdomain independent cookies and database driven sessions like Kindred sugsested but now I can't access my forum (opened new topic )

I had a similar experience. I kept getting told to check my cookies. Luckily, I had another computer which allowed me to log in so I suspect if you delete your cookie for your website you may be allowed in. Please let me know if you resolve your issue.

No joy, I did not get any msg about cookies... I don't want to spam your topic, despite the thing it's we have identical symptoms.

[Kobytoo]

In case anyone is familiar with the Charles application, here is a short sequence from earlier tonight where the page tries to redirect to forum/action=forum instead of forum?action/forum