Liam DaweYes, if you modify the gol_session cookie, the next time it is read when your session expires it will kick you out. It's supposed to do that ;)

i would have assumed something like that.
But i just tried it - closing the tab, modify only gol_session - open a new tab and to to GoL - still logged in.
Or is the session kept alive based on IP?

Termy

Liam DaweYes, if you modify the gol_session cookie, the next time it is read when your session expires it will kick you out. It's supposed to do that ;)

i would have assumed something like that.
But i just tried it - closing the tab, modify only gol_session - open a new tab and to to GoL - still logged in.
Or is the session kept alive based on IP?

Can't remember exactly how it's done, but a session will expire by itself after a period of time. This isn't part of the issue though, still tracking what exactly is causing it.

Ok, can confirm, a while after modifying gol_session i was logged out ^^
Let me know if there is anything else i could provide to narrow it down

TermyOk, can confirm, a while after modifying gol_session i was logged out ^^
Let me know if there is anything else i could provide to narrow it down

It's a very tricky thing to find, as for me it's now working fine. Haven't had a single logout since I fixed those AJAX calls not pulling the session.

I've added some extra logging to detect if there's any pages that don't get the session for whatever reason, to see if perhaps there's still a call somewhere that is missing it.

Without a confirmed method of getting it though (and I don't mean messing with cookies manually, has to be the site itself), it's extremely difficult to find.

Well, for me the confirmed method is "wait a day" - it seems to be roughly 24h, but definitely with some variation :/
I always call the main page first (https://www.gamingonlinux.com/ to be exact), no subpage. Is there any kind of browser log that could be of interest? Firefox' console doesn't seem to contain anything in that regard.

I do have some sort of an idea I'm trying now, I've been wanting to boost the cookie/authentication security for a while so I'm doing that now to possible kill two birds with one stone.

It's live, you will likely see a one-time logout now as I won't risk changing old cookies to new.

Do update me in a few days if you now see no logouts!

Edit: So far it seems stable, I've removed my own session and closed desktop/mobile browser - both keeping me logged in. Keen to see how it goes after a day or two,

Last edited by Liam Dawe on 28 November 2019 at 6:30 pm UTC

Liam DaweIt's live, you will likely see a one-time logout now as I won't risk changing old cookies to new.

Do update me in a few days if you now see no logouts!

Edit: So far it seems stable, I've removed my own session and closed desktop/mobile browser - both keeping me logged in. Keen to see how it goes after a day or two,

nope, still getting logged out
First yesterday, i then cleaned the cookies once more, just to be sure - but now i was just logged out again :/

FWIW, I was also having login session issues a few weeks ago, but I could only reproduce it on one machine, and in a single browser (qutebrowser-git). I've since updated the browser, and I no longer have the issue (either because it was a bug that got fixed in the browser, or because Liam's session fixes worked for me)

Last edited by WorMzy on 1 December 2019 at 7:19 pm UTC

Ok, i'm just back in the office and my login from friday is still active on this machine. So it seems it's at least an improvement xD

Edit: Cancel that - logged out again :/

Last edited by Termy on 2 December 2019 at 8:32 am UTC