|
Just a slight issue: From different machines, I had to redo my login with my OpenID since yesterday (FWIW, it's a verisign PIP one.) - This hasn't been necessary with other sites which use the same OpenID. Therefore I guess it is bound to this site and not to the OpenID itself. Is there a certain reason for this? |
The question has been closed for the following reason "The question is answered, right answer was accepted" by Graeme Perrow 09 Jun '11, 06:43
|
Your login is tied to a cookie stored by your browser. If you move to a different computer (or a different browser) then you will be required to login again because the site does not know who you are. Also note that the browser cookie has an expiry date so if you have not used a computer/browser for a period of time (a month?) then the cookie will expire and you will need to login again. I'm aware that I have to login with my OpenID once on every machine and browser. But I use three machines regularly (almost daily) to access this site, and on all three I had to re-login since yesterday. That has never happened before (nor all the time using SQLA), and I'm not aware of any system change that I would have done on all those boxes. And as stated, when accessing SQLA, a re-login hasn't been necessary. But if there hasn't been any configuration change on this site, I'll accept it as a personal experience...
(26 Mar '11, 17:01)
Volker Barth
Replies hidden
I also use several computers and I have not had to relogin. I use Google as my OpenID so perhaps there is something specific to Verisign?
(26 Mar '11, 18:44)
Mark Culp
|
|
Look at your cookie. The one I just got today expires on May 10. On that day the chocolate chips will get all hard and brittle, the milk will sour, and I will have to log in to this site again. That would explain why people are having this problem every 2 weeks. I'm not sure if the expiring cookie is intentional. Maybe Graeme can comment. Having it expire makes sense from a security standpoint, although maybe the cookie can be updated with a new one (if it hasn't expired) each time (or each day) the site is visited. That would make life easier for the folks that visit this site every day. Note that my sqla.stackexchange cookie expires on October 26, 2011. So I think they'll have exactly the same behaviour, only once a year instead of once very 2 weeks. Thanks for that clear explanation, Phil (though it makes me feeling somewhat foolish for not having checked that myself...). Yes, the SQLA2 cookie seems to have a 14-day expiration timespan whereas the SQLA cookie does last for several months (and may get updated automatically). Therefore I would suggest to enhance the expiration time or make it update the cookie regularly.
(26 Apr '11, 08:46)
Volker Barth
The cookie explanation does seem reasonable, but it doesn't explain why I have not had to re-login for many many weeks? FWIW: I use my Google OpenID account and access this forum from three different computers.
(26 Apr '11, 08:49)
Mark Culp
Replies hidden
Have you looked at your cookie? Does yours get updated each time you visit the site? Maybe your browser isn't expiring the cookie. Maybe the site is supposed to update the cookie but it doesn't work in Firefox 3 for some reason. I think that there are enough people having this problem that you might be in the minority here.
(26 Apr '11, 09:01)
Phil Mitchell
Well, ain't that classical: Now the folks with the annoying need to re-login have a reasonable explanation for their real problem (and can hope for a solution) - and you have an explanation problem for not having been affected... They call it justice, methinks:)
(26 Apr '11, 09:01)
Volker Barth
I'm using Firefox 3.6.16 on this box and I haven't used this box to view this forum for at least a week and my cookie says it expires on May 11th.... so it would appear that it has automatically renewed itself.
(26 Apr '11, 22:37)
Mark Culp
I'm using the same FF version, and the forum cookie expires on May 10th. On a different box with IE8 (which I usually do not use to browse at all), the cookie expires on May 11th. AFAIK my FF cookie handling options are set to default values, with one exception (but that is a default migration settting, methinks) - as displayed by "about:config":
(27 Apr '11, 03:58)
Volker Barth
FF 3.6.12 here. And after visiting the site again today the cookie is set to still set to expire on May 10th at 8:25 AM EDT. That is 2 weeks from when I logged in yesterday. I'm thinking we don't have 100% of the story, but Volker, Breck, Reimer, Justin, and I do appear to have cookies that don't get updated whereas Mark's cookies are updating. We have the same browser (close enough). So, what's the missing variable?
(27 Apr '11, 08:11)
Phil Mitchell
Ok, I'm going to have to be humble and state that I misread my cookie expiry date yesterday (I think). I checked my cookie again today (on my main work computer) and it says that it expires May 6th (not May 11th) - I.e. I must have read the '11' in the date as the day not the year ... [gripe] I wish the world would just standardize of Year-Month-Day when it comes to displaying dates and this type of mix-up would not occur! [/gripe]. So it would appear that I logged in last Friday (April 22nd) and that I am going to have to re-login again next week!
(27 Apr '11, 09:12)
Mark Culp
@Phil: Sorry, I moved the "accepted answer" to Graeme's answer as he delivered the fix whereas you had explained the reason... One of the cases where 2 accepted answers were a "nice to have":)
(13 May '11, 03:24)
Volker Barth
|
|
OpenId is a PITA, but at least sqlanywhere-forum.sap.com is not as bad as my.sybase.com ...which makes me type my password every single day! Seriously, please get rid of this expiry thing... it's overkill, sqlanywhere-forum isn't a banking site. Well, for SQLA my OpenID has worked fine, and as such I do not really share the evaluation as a PITA:) That being said, I strongly second your conclusion.
(10 May '11, 09:44)
Volker Barth
Well, OpenID is a multi-step process, and the website is slowwwww... and it is a single-point-of-security-failure if you actually use OpenId for more than one site (I don't)... stay tuned for the news broadcast that OpenID has been hacked :)
(10 May '11, 16:17)
Breck Carter
Replies hidden
No risk on my part, my usage of OpenIDs is limited as well:)
(11 May '11, 05:08)
Volker Barth
|
Another weekend - another time to re-login on this site ... (and again not for SQLA where I use the same OpenID).
May this be due to the fact that I have logged in to MySybase with other credentials lately?
I think this did appear the last time, too, to download an EBF (or to leave a DCX comment).
Just a suspicion: May logins on this site and MySybase do interfere somehow?
same here - 3 different computers all insisted on re-logging in yesterday (Saturday). I use MySybase authentication.
Time to re-login, again - but now I know the cause:)
Are there any plans to change the cookie expiration timespan (or update the cookie each time the site is visited), as Phil has suggested in his answer?
At least the current situation keeps me remembering my OpenID passphrase easily ...