The issue has two parts I need to think on:
- I can't send the data of a "stay logged in" checkbox to Steam login
- Some people may not want a cookie auto-dumped on them to stay logged in with Steam

Thoughts?

If you need a cookie to do it ( rather than a pure browser fingerprint stored in the db ) you could always make it a setting that you can enable in the Control panel. ( and so check the users preferences as (s)he logs in and set a cookie if desired )

Though to be fair you already set 5 cookies;

PHPSESSID
__cfduid ( *http* )
gol-device
request_stay
steamID

so one more properly isn't going to be an issue

The problem with browser fingerprinting is that any small browser update will invalidate it, which is why everyone tends to use cookies (it's what cookies were designed to help with after all).

I suppose a good way around it would be a setting in the UserCP.

I might just auto-do it, and see if anyone kicks up a fuss. I doubt anyone will, since no one has ever said anything about the cookies we set now and people who get pissy about it probably block cookies themselves anyway...

Did you ever get round to look at this?

I actually just took another look at the code, and it now works.

I've changed the way it work to essentially submit the form as normal through POST, so that we can capture the tickbox for staying logged in. Then that redirects to the Steam login section, seems to work now.

Glorious \o/

Have you changed anything? - I've been logged out twice today

Quoting: GuppyHave you changed anything? - I've been logged out twice today

Haven't touched it since it was fixed.

Is this on the exact same device?

Quoting: liamdawe

Quoting: GuppyHave you changed anything? - I've been logged out twice today

Haven't touched it since it was fixed.

Is this on the exact same device?

My work desktop yeah

I think I've worked out why - have you changed your cookie domain recently?



I've cleared them out and now only have one for ".gamingonlinux.com"

lets see if that does the trick :)

Sadly that wasn't it :(

guess I'll try and see if my gol-device value changes

The following cookies all remain the same, regardless of login state;

gol-device
request_stay
steamID
gol_stay
gol_session

So I do not think it's a client side issue

By contrast visiting from my phone I am still logged in (haven't visited the page since last nigh with it)

You had a ton of duplicated logins, so I have removed all your saved sessions (will require a new login on all devices). From your next login it should now work correctly.

Sorry about that, but it's likely left-over from when I updated our cookie handling to use the same domain across all logins (to prevent issues like this in future).

Edit: Been testing it myself all day, haven't been logged out once. So I think that was the issue.

Quoting: liamdaweYou had a ton of duplicated logins, so I have removed all your saved sessions (will require a new login on all devices). From your next login it should now work correctly.

Sorry about that, but it's likely left-over from when I updated our cookie handling to use the same domain across all logins (to prevent issues like this in future).

Edit: Been testing it myself all day, haven't been logged out once. So I think that was the issue.

Never got back to you on this one ( I've been massive computer problems ) but yeah it seems to work now