header pic

Share this topic!!! Share
Author

Topic: One new issue, one old

 (Read 1303 times)

Anonymous Coward

  • All Star
  • ******
  • Posts: 3187
  • Liked:
One new issue, one old
« on: March 17, 2019, 04:14:51 PM »
New issue: when logging in from within a specific thread, after the sign-in the page opens to a different thread. I think there's a consistent pattern of which thread that is (one up or down on the board or something like that), but I haven't spent the time to decipher that pattern yet.

Old issue: I'm logged out more often than I'd like. Can I somehow log in permanently, or at least for a month(s) long amt of time?

Drew4UTk

  • Administrator
  • Team Captain
  • *****
  • Posts: 5780
  • Liked:
Re: One new issue, one old
« Reply #1 on: March 18, 2019, 07:52:49 AM »
that first one is new to me... I'll look into it and see what the story is... I may have simply put some bad code in there.

the second one is something i've been battling for a while.  I don't use static cookies/sessions but dynamic (held in ram/suspension) sessions which makes the site more secure and buggers the tears out of would be hackers... the problem with it is when the server blinks, which it does for 'health' purposes three or four times a day... when it does, if the session is X minutes old it will end it... the problem is the X variable I assign doesn't seem to have an effect? Which... means i've got some bad code somewhere I need to find. 

thanks for the heads up! 

Anonymous Coward

  • All Star
  • ******
  • Posts: 3187
  • Liked:
Re: One new issue, one old
« Reply #2 on: March 19, 2019, 06:05:25 PM »
There's a lot to be thankful for here. That you spent your time to read and respond. That it was fast. And that you do so much behind the scenes. It's all good of you, man. Thanks.

Drew4UTk

  • Administrator
  • Team Captain
  • *****
  • Posts: 5780
  • Liked:
Re: One new issue, one old
« Reply #3 on: April 01, 2019, 11:23:16 AM »
i looked and looked to figure out how the first issue could be happening.  I only have a theory.  

background:  the function in question relies on 'session's' data collected by your use and stored in the session's memory.  I also leverage cache's to speed the site up and take a bit of burden off the server.  

theory: the session's information stored on you is held in suspension (ram) instead of written to a file, and the cache updates every time you do something that requires a session statement.  What i 'think' may be happening is the 'current' page isn't stored in the session until you leave it and log in... and post successful login the script tell the browser to return you to your last know page (queries the cache) and the cache reports the last page you left being the 'next' previous instead of the most previous. 

If this is so, i don't know how to defeat this.  one way for me to know if it's so is by your response to this question:  "when it takes you to an unintended thread, was or is it a thread you were in before?"


next one: 
the sessions timeout... 
so I use a RAM held session as opposed to writing the data to a file.  I do this for security- my strategy being "if someone attempts to break into the site by using valid sessions stolen from someone else (a user) they're NOT going to find them by breaking into a directory that stores files... they'll have to somehow negotiate and collect information that's stored in RAM, which is virtually impossible".. As it turns out, the RAM held sessions doesn't take directives from any of the 'timing' directives- it operates, by design, on it's own.  it's valid until the machine loses it's RAM (flushes it) for some reason.  Other than that happenstance, there is a 'gc_' (garbage collection) function that randomly flushes sessions 50 times every 100k logs.  this is done to keep the RAM segment/cluster clean and clear, as well as to re-challenge users.

over the weekend i did some things to the page in effort to remedy this, and while looking found some other things that could likely be better done in RAM as opposed to I/O on a disk... so i migrated a metric ton (technical term is 'shit ton') of stuff to be operated by the servers RAM to reduce i/o on the disk.  I upped the sessions lifetime by decreasing the garbage collection rate.  I hope it works, as otherwise and in effort to remedy your request i'll have to go back to using files as a sessions storage, and i really don't want that vulnerability on the site.  

Drew4UTk

  • Administrator
  • Team Captain
  • *****
  • Posts: 5780
  • Liked:
Re: One new issue, one old
« Reply #4 on: April 03, 2019, 09:46:42 AM »
@Anonymous Coward - i found it! I fixed it... your login (and everyone else's) will last longer now- basically until the server crashes or i have to restart it... so.... likely once a month on average.... unless you get selected during the 'taking out the garbage' call, which could still happen.  the odds are firmly in your favor that won't happen, though. 

Anonymous Coward

  • All Star
  • ******
  • Posts: 3187
  • Liked:
Re: One new issue, one old
« Reply #5 on: April 03, 2019, 06:19:39 PM »
Thanks Drew! And regarding that question, I'm not entirely sure if the site *always* brings me to a thread I've previously visited when I log in from within a different thread. But (1) I'll pay closer attention to find out, (2) I visit so many of the threads here that it would be unlikely to take me to a new thread even if your theory about my cookies is wrong, and therefore possible to end up somewhere new. Finally, (3) if your other fix limits how often I'm logged out, it may take a while to get answers for (1) & (2).

 

Associate Links/Search