11 replies to this topic

[peterbj7]

I now find I have to input my logon details every time I visit the site. The only site this is true of. I am consistently using a VPN, which I am sure is what's causing it.

[ScubaPunk]

Everyone has to log in every time. It was changed for security purposes.

[secretsea18]

Everyone has to log in every time. It was changed for security purposes.

Not true.

I just came on the website and my computer remembers my logon info without having to enter it every time. However, I have noticed that if I happen to logon from another computer, my home computer will not automatically remember the logon info, and makes me initiate it with the user name, and then it completes the form for me. Could this be your situation too, Peter?

[ScubaPunk]

Everyone has to log in every time. It was changed for security purposes.

Not true.

I just came on the website and my computer remembers my logon info without having to enter it every time. However, I have noticed that if I happen to logon from another computer, my home computer will not automatically remember the logon info, and makes me initiate it with the user name, and then it completes the form for me. Could this be your situation too, Peter?

Hmmm!.....Well that was the story I got from Shadragon when it first started happening. Maybe something has been fixed, sortof?

Oh Simon Sweetie?????

[Landlocked Dive Nut]

Sounds like there may be indows settings involved, too. Personally, I never allow Windows to "remember" any logon (or other "autofill info) I create, so I have to enter my logon info for any site I visit, every time. This keeps other people who may have access to my computer from automatically logging in as me!

[scubaski]

I also logon as Robin discribed along with the fact when I'm on the road w/ work laptop and need to manually login and again when at home computer. Make log on as easy as possible.!!

[JimG]

This issue came up a few months ago in another thread. Whenever you login, the site stores your IP address as part of the session info. If you then try to login from a different computer (or even the same computer but with a different IP address), then you will be prompted to login again. As Scubapunk mentioned, it is done this way for security purposes.

Peter, the issue with your VPN is probably the result of the VPN server assigning IP addresses dynamically each time you connect to it. This gets you a different IP address each time, and of course you have to login again each time. You might contact the server administrator to see if they can assign you a static IP, or else use some sort of VPN NAT protocol to keep the address from changing each time (or at least appearing to change).

-JimG

[Hipshot]

Sometimes I have to; sometimes I don't. It seems to be a random thing. Sometimes I have to long in again, even if I've been on the server all along. Other times, it will retain my logon info for the next day.

Rick



The names have been changed to protect the innocent, but the crimes remain the same.
-- Narrator, Dragnet

[WreckWench]

Sometimes I have to; sometimes I don't. It seems to be a random thing. Sometimes I have to long in again, even if I've been on the server all along. Other times, it will retain my logon info for the next day.

Rick



The names have been changed to protect the innocent, but the crimes remain the same.
-- Narrator, Dragnet

It is tied to how often the IP addy changes. Sometimes I can go all day without having to log in and other times because I keep multiple windows open, I have to log in several times a day!

[peterbj7]

Is there really a security risk that this addresses? This is the only site I find this with, and I log onto over ten each day.

[JimG]

Is there really a security risk that this addresses? This is the only site I find this with, and I log onto over ten each day.

The site administrators believe that there is a risk, which is why the measure is in place. With respect to these "other sites" that you are talking about, are they "pay" sites? It's not uncommon for those types of sites to be a little more stringent with their security measures. For example, my bank's website has a similar security feature that is based on IP address. So maybe instead of asking "why does SD do this?", you should consider it from the standpoint of "why don't the other sites do this?".

There is always going to be a trade-off with security vs convenience. It's a lot more convenient for me not to have to lock my car or house up every time I leave, but that's what I have to do to keep my belongings secure. IP addresses are incredibly easy to spoof, and from a security standpoint, I don't think it's a bad idea to require users to re-submit their credentials if the IP changes. It's the equivalent of saying "you're calling from a phone number that we don't recognize, can you please verify your identity" (another thing my bank does on telephone transactions).

As usual, the issue is not really the legitimate. or "honest" users, but the "script kiddies" who use automated attacks to try and hack into sites. I have managed a couple of BB sites myself, and believe me, you have no idea of the headaches. I spent way too much of my time deleting bogus users who were created for no other reason than to advertise (for example) porn sites, and it can be a lot of work to keep things free from that type of traffic. And every time there was a security update to the site software, somebody would find another hole to exploit. So yes, it is a bit of a hassle to have to ask users to login again, but I don't personally see it is an unreasonable measure. It definitely makes things easier from the standpoint of keeping unwanted users out of the site.

As I mentioned above, there are a couple of technology solutions to the problem (static IP and/or some type of NAT protocol). I use both of these on my home network, and have very few issues with being asked to login again (basically it only happens when I travel). You can also try using a browser that has a password manager, to automatically generate login info for you. You might try one of those options and see if it works for you.

-JimG

[shadragon]

Is there really a security risk that this addresses? This is the only site I find this with, and I log onto over ten each day.

Short answer is yes... This stops someone from IP spoofing. It is a method for flooding a web site with posts for university diplomas, 'enhancement' ads and the usual crap we see every day. You may have heard of several other boards being inundated with thousands of these kinds of posts. They use bots to automatically register multiple accounts on your site then post the ads from hundreds of hijacked machines around the world. So many, that board servers have crashed as a result.

The IP of your PC and your sign on credentials are hashed together into a unique ID (That is all the detail I am giving). If your IP address changes then you have to sign on again. If you are at work, then go home you need to sign back in. If you are on your PC and go to your laptop, same thing. The sign on can last several days under the right conditions.

You will notice that we have not had the flooding issue where other IP Boards have. This is thanks to Stan and his unannounced work in the background. It is inconvienient, but unfortunatley necessary. I sign in from five PC's and even my Blackberry on occasion and it is a P.I.A. at times, but at least I am not spending hours deleting Viagra ads.

WooHoo. Punkie called me "sweetie". Am slowly wearing her down...