Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Regular Coder
    Join Date
    Sep 2010
    Location
    London, UK
    Posts
    167
    Thanks
    28
    Thanked 0 Times in 0 Posts

    Site timed out causing my post to disappear

    This site needs to review how it is built. Writing a post can take more time than one is allowed to be on the site without 'activity' taking place making the server think that the person is not doing anything. The server will then show the 'you need to login' page when trying to post to the forum. With the result that all that typing and putting together of the post is all wasted.

    This is a programming issue not a user issue. There are plenty of PHP websites that hold the info in memory and allow one to use the back button to go back and retrieve the text that one has written even though the user has been logged out by the system.

    If the excuse about security comes up, I say to you what security issue? Is this a bank? Are we dealing with sensitive info? No on both counts. If a hacker wanted to cause problems for this site s/he would do so regardless of the securty measures in place.

    But for this kind of site this is pretty pathetic.

    It is goddamn sloppy to timeout someone just becuase they have not been browsing posts, when in fact they are writing one. I have seen quite a few chat windows having the wording appear telling you that the 'Agent is typing'. So there is this function out there somewhere in coding land that tells the server that activity is still happening which will prevent the time-out from occuring.
    Last edited by judgedredd; 09-29-2010 at 07:10 PM.

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    This behaviour is caused by static HTTP with a limit of 15 minutes (I think its probably 15 minutes) imposed by the system itself on the sessions.
    We cannot leave users logged in indefinitely; the easiest way to solve this issue is to use the 'Remember Me' option to automatically log you in when your session expires. I'm actually thinking that with the vBulletin that just ensuring you enable cookied sessions actually resolves this problem, but I cannot be 100% sure on that (it prunes the sessions out then you present it with only a session and maybe a userid, but that cannot verify you).

    This being said, if I'm not mistaken you can provide it your login credentials and submit them it will automatically redirect you back to your post to submit.

    As for your chat windows example, that uses either AJAX if over HTTP, or RMI or some similar technology with Java/Flash etc in order to hold your session alive. HTTP just doesn't work that way by itself.

    Edit:
    I just tested this by logging out before submitting this post. It prompted me and then when I logged in automatically retained the post.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Regular Coder
    Join Date
    Sep 2010
    Location
    London, UK
    Posts
    167
    Thanks
    28
    Thanked 0 Times in 0 Posts
    Hi, Thanks for you reply. Is this behavior of being able to log back in and being able to retrieve one's post written anywhere?

    If it is then it is my fault for not reading how this site works, if not then this info should be posted somewhere where it is easy to find. Maybe a sticky post with the heading 'What to do if you are timed out while trying to post' or something like that.

    If it took me about an hour to create my post, then there could be many others who may be having the same problem.

    This is the second site that I have seen this issue with while trying to post something. With the other site I never bothered going back there again.

    15 minutes is not very long. Maybe it can be changed to 30 minutes?

    And I don't expect the site to allow users to stay in indefinitely. The time limit could be changed though. 15 minutes is just too little time.
    Last edited by judgedredd; 09-29-2010 at 07:57 PM.

  • #4
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    So you typed up your post, hit submit and it prompted you to re-login and when you did, it didn't continue submitting your post?
    OracleGuy

  • #5
    Regular Coder
    Join Date
    Sep 2010
    Location
    London, UK
    Posts
    167
    Thanks
    28
    Thanked 0 Times in 0 Posts
    Yes, that is what happened. I was presented with a blank box.

  • #6
    The Apostate Apostropartheid's Avatar
    Join Date
    Oct 2007
    Posts
    3,215
    Thanks
    16
    Thanked 265 Times in 263 Posts
    Why exactly can't you check the "Remember me" box?

  • #7
    Regular Coder
    Join Date
    Sep 2010
    Location
    London, UK
    Posts
    167
    Thanks
    28
    Thanked 0 Times in 0 Posts
    Because I really hate cookies (I am assuming that this site uses them). That is why I also stay clear of javascript.

    Plus I have an aversion to clicking 'Remember me' boxes. Don't trust them at all.

  • #8
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Quote Originally Posted by judgedredd View Post
    Because I really hate cookies (I am assuming that this site uses them). That is why I also stay clear of javascript.

    Plus I have an aversion to clicking 'Remember me' boxes. Don't trust them at all.
    That's fair enough. But 1 hour and you expect to be still logged in? I don't think 1 hour is a reasonable time to declare a session as aborted. IMO, 15 minutes is too long.

    As for the not submission issue after login, I don't know what the issue is. I'll test it again and see how it goes (no cookies, no js).

    Edit:
    With no cookies and no js, it worked just fine.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #9
    Regular Coder
    Join Date
    Sep 2010
    Location
    London, UK
    Posts
    167
    Thanks
    28
    Thanked 0 Times in 0 Posts
    Ok. Well there does seem to be a difference of opinion as to how long to stay connected before being booted out. I feel that there is a wide spectrum of users who stay logged in based on their skill level.

    On one end you have the pros who can do stuff with code that I can only dream of, and at the other end those who are trying to learn to code, like me.

    Now the two ends of the spectrum would have vastly different needs and would subsequently use the forum differently. If a newbie comes onto the site do you think that s/he would spend 15 minutes browsing, find what they need and leave? Well, I highly doubt it. They would be looking for solutions and with that comes typing in the right search terms and that means trying to figure out the correct search terms to be using, or they would be looking at how code that is posted is structured and trying to make sense of it. 15 minutes is a pittance for this type of browsing. Since you are a pro with your knowledge you know exactly what you are looking for, how to structure the search terms correctly, where to go and find the code that you may need or even who to ask/PIM directly. So for you, yes 15 minutes is probably too much time. Yet this is a forum for learning is it not?

    I have no idea what the logic is behind the 15 minutes. To me it does not make sense. Neither does the security aspect. Security against what?

    I may not be very good at PHP yet, but I am very sure of my understanding on what its potential is. One can do things in PHP that one can do in any other language.

    Making sure that this site is secure can be easy or hard depending on how you think of it. Unfortunately those that do coding for a living get into a mode of thinking that some things are not possible. To me, I think that it all boils down to either laziness or not being able to see the wood for the trees. Some people are too lazy to think outside the box, while others can't see solutions where others can. There is more than likely a very simple solution about the problem of site security, or giving a user a reasonable amount of time to post what needs to be posted.

    Just writing this post made me think of how some post boxes (this box that I am writing in) count the words as one types and when one goes over a certain limit it tells the user by how many words the post is too big. I think these boxes have this.

    So some sort code is counting these characters as I am typing them. That code can easily be linked to code that notifies the server that there is a live one here still! It may be easy to talk about but hard to implement. But it is doable. Heavens, there is even code that can follow a mouse around on the screen and cause certain things to happen to the page when nearing the proximity of various parts of it.

    Anyway, this is gone beyond a simple post.

    By the way, this post took more than 15 minutes, found myself booted out when posting, typed in my user name and password and found that my post was posted. So a bit puzzling about the failed post.
    Last edited by judgedredd; 09-30-2010 at 01:47 AM.

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    That typing is done by javascript. Unless it uses AJAX to update the the server of your status then it will not be keeping your session active, and doing so would severely consume your bandwidth. Suggestion boxes on the other hand would since they use ajax to help look up terms. These both rely on JS which you stay clear of, so these won't work for you.

    The limitation of 15 minutes is likely a maintenance aspect. There is no reason to assume that people are on longer than 15 minutes at a time, and since statistics are already difficult enough to track over http, its better to assume a shorter period than a longer one. While you may not browse with cookies on, I'll bet the majority of users prefer this feature. Because of this, the vBulletin was designed to accommodate these users, not the smaller percentile that go without. While the system itself won't hinder you from its usage, it also won't go out of its way to assist you either. Its simply a middle ground.
    The system itself can be configured to force you to enable cookies if you wanted to browse. This would be a bad idea, something like a bank would use this style: cookies over TLS only.

    Technically, a modification could be done to detect if a post has been made. If so, it could mention this in the information to the user when logged out - something simple like 'You must login in order to post this message'. Right now, the vB is all generic with a simple 'you are not authorized to....' kinda message.

    As for the failure to post, I can think of something that would cause that. If there was an issue with connecting to the database to authenticate, I can see an issue arriving after a redirection. I'm afraid I couldn't be certain on that though...
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #11
    Banned
    Join Date
    May 2006
    Location
    England
    Posts
    664
    Thanks
    0
    Thanked 84 Times in 84 Posts
    Quote Originally Posted by judgedredd View Post
    This site needs to review how it is built. Writing a post can take more time than one is allowed to be on the site without 'activity' taking place making the server think that the person is not doing anything. The server will then show the 'you need to login' page when trying to post to the forum. With the result that all that typing and putting together of the post is all wasted.
    This is a problem on many forum sites, so in that situation I make a habit of pasting the finished text into my text editor before attempting to send.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •