Login expires even though it is set to "forever"

Started by Turrican3, July 26, 2022, 02:23:41 AM

Previous topic - Next topic

Turrican3

Hey there, I'm running a very small board with SMF 2.1.2 currently installed.

I'm experiencing a weird issue: despite login being set to never expire, I find myself logged out roughly once a month and I understand many other users have this issue too.

I have 2FA enabled.

PHP version 7.1.1
MySQL version 5.7.35-38-log - Percona Server (GPL), Release 38, Revision 3692a61

I don't know if it's related, but I see my error log has tons of the following message:

PHP Notice: Use of undefined constant mysql - assumed 'mysql' in /web/htdocs/www.gamers4um.it/home/public/smf/Settings.php on line 285
Any guesses?

Aleksi "Lex" Kilpinen

Unless I'm mistaken, basically forever isn't really forever. It's just "a long time".
And I'd assume that in this case something within that "long time" gets pruned somewhere, so that logins expire.

Now, sadly I'm not the best person to speculate much further than that - Some of the folks more familiar with SMF session handling might be able to share more insight in to this.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Turrican3

Thanks!

Though either something changed in this major upgrade or I am doing something wrong, since my board seemed to handle that setting almost literally (or at least it definitely lasted way more; and that's true for another board that I often visit which hasn't upgraded yet to the 2.1 branch)

Aleksi "Lex" Kilpinen

I'm fairly sure a lot has changed since 2.0 behind the scenes, so this isn't at all surprising really.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Turrican3

Oh absolutely, I can see that even as a simple administrator/user. :D

Arantor

Forever is still the multiple years it used to be, but maybe the 2FA is part of it.

As for how the handling works, the cookie is set to have that expiry and the cookie carries enough information to reauthenticate the user so it's not reliant on sessions staying around that long. Never used 2FA though.

Steve

Quote from: Arantor on July 26, 2022, 04:29:19 AMForever is still the multiple years it used to be, but maybe the 2FA is part of it.
That wouldn't surprise me. I've never been logged out of any site when I set it to 'Forever'. As with Arantor, I've never used 2FA on forums.
Please do not PM me for support.

Sir Osis of Liver

May be related to OS.  I never get logged out of my own forums on my desktop, but android tab randomly logs out every few weeks.
"The best laid schemes o' mice an' men / Gang aft a-gley." - Robert Burns

Diego Andrés

I've encountered this using an iPhone for this site, I too have 2FA enabled here.

SMF Tricks - Free & Premium Responsive Themes for SMF.

Turrican3

Thanks for the answers.

I normally wouldn't bother *that* much either, but being the administrator makes me feel reasonable to keep my account as secure as possible.

Perhaps I might set up a dedicated one though, and switch to a non-2FA account for day to day operations.

Arantor

If you're going to keep your account as secure as possible, revalidating your identity every month or so is considered a good practice.

Turrican3

Yup I think it just makes sense.

So many people operate on the assumption that hackers "wouldn't bother" if you run an extremely small board like I do, but I don't really think so. IMHO every single public (and non-public...) internet-connected hardware is a potential target. So I try to act accordingly, within the limits of my knowledge of course.

Advertisement: