|
|
|
Forums » List all forums » » Forum: General Discussion » » » Thread: Auto-login cookie bug found!? |
| Posted by weightechsales at Aug 22, 2011, 11:46:41 AM |
|
Auto-login cookie bug found!? I think I've tracked it down! I've been watching the expiration on my cookies lately (for the last 3 weeks, waiting on the 8/21 expiration), and sure enough, once the cookie expired, my autologin failed this morning! So I manually logged in and saw that the new cookie had an expiration 30 days in the future. Restarted browser and autologin worked again. Modified the expiration to make it expire, restart the browser, reload: no autologin (as expected). So, I'm thinking the problem is that the cookie is generated when you manually login with an expiration of 30 days in the future. If you simply return to the webpage and allow it to autologin, the cookie's expiration date is not adjusted. 30 days after the last manual login, your autologin fails. It seems to me that the fix would be to reset the cookie expiration at every login, both auto and manual. But I'm not a web dev, so maybe I'm missing something with such a simple suggestion. FYI, I think this is the relevant cookie: Server: localendar.com Name: LOCALENDAR_ID_12 Value: xxxxxx Expires: 2011-09-21 10:02:29 Last visited: 2011-08-22 10:01:18 Secure: No Only sent to creator: No Version: 0 Comments? |
| Posted by support at Aug 24, 2011, 1:42:38 PM |
|
Re: Auto-login cookie bug found!? This is actually intentional behavior, similar to what many websites (Yahoo, eBay, etc) do. Many sites only use a 2-week window. If you re-visit localendar within that period, we don't automatically extend the expiration date since some type of regular verification of your identity is a good security measure. We really appreciate your digging into this issue, and want to thank you with a free year of Premium Webmaster on your account. ---------------------------------------- Marc Higgins Support Associate, localendar.com Follow us on Twitter! http://www.twitter.com/localendar_news |
| Posted by weightechsales at Aug 24, 2011, 3:15:13 PM | ||||
Re: Auto-login cookie bug found!?
Oops. I guess if I'd known that earlier, I wouldn't have spent the time to track it down. Looking back over my original complaint thread, it's obvious that I was having trouble about every 30 something days. Can't believe I didn't notice that sooner!
Hmm. I guess? I normally have to enter passwords for banking sites every time, but something like a forum I'm used to it working forever. (My Hacker News cookie, for instance, expires in 2036.) Not that I'd second guess your decisions. In the meantime, I'm going to edit my cookies to expire some other time... |
Help! | Cobranding | Legal | Privacy Policy | About localendar.com | Contact Us |