YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Pages: 1 2 3 
Topic Tools
 
Update Session (Read 7,293 times)
 Reply #15 - May 14th, 2012 at 5:27am
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Update Session
Hitting refresh doesn't reset the timer. It just lets you know how much time is left before a "Profile-Session" expires.

Even though only admin sessions have the option to choose 1 of 10 questions so that an alternate answer other than a password can be provided to authenticate or "Re-Authenticate" a session, it's obviously a feature that doesn't work. The result is that admins have to use a password just like members.
 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #16 - May 14th, 2012 at 10:22am
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,615
Land of the Blazing Sun!


None
Re: Update Session
The Update Session only applies to two classes - Admins and Global Moderators.  AFAIK.

The easiest way to trigger it is to remain logged in on one IP, and start a new session from a different IP.  When you go back to the first session, you will likely find an 'Update Session' has replaced the Admin Button.  I believe another way to trigger it is to use and Administrative function on one of the boards - that starts a countdown timer.

When i did my testing, I used the sign-in from a different station method to trigger it.


Smiley
 
I find your lack of faith disturbing.
 
IP Logged  
 Reply #17 - May 14th, 2012 at 2:42pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Update Session
I don't fully understand how the scramble routine works, but it seems to be different every time, so the answer passed in the form is never going to be equal to the one store in the .vars file.

So I guess you could just descramble the stored answer before the check.

In Sessions.pl find:

Code (Perl)Select All
        $question = ${$uid.$username}{'sesanswer'};
        $answer = &scramble($FORM{'sesanswer'}, $username); 


And replace with:

Code (Perl)Select All
        $question = &descramble(${$uid.$username}{'sesanswer'}, $username);
        $answer = $FORM{'sesanswer'}; 



 
 
IP Logged  
 Reply #18 - May 14th, 2012 at 4:09pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Update Session
Even though the Update Session evidently applies to only two classes as an option to change; Admins and Global Moderators; the Membership class is also affected by it.

With the Membership class, the only difference is that there is no direct access to the Update Session credentials.

So again, since alternate options other than using one's password to use as validation to re-authenticate an expired session do not work, all classes work in the same way.

To clarify about the Membership class, when a session has expired, the following message will appear:

Please Confirm Your Password

Profile Session timed out. Please Re-Authenticate.


On a related note with the Membership class as an example, just as it is with the Admins and Global Moderators classifications, all classes will start displaying the following message when a session has begun, which gets counted down to an expired session:

Your Profile-Session expires in 600 seconds.

I suspect that there aren't many admins who pay that much attention to the Membership class, but I routinely poke around as a member so that I can stay on top of what members experience.

In any case, maybe Derek's solution will work. He always seems to figure these things out.  Smiley

Edited:
Dandello wrote on May 14th, 2012 at 4:39pm:
Darn cold - Derek beat me to it.  Wink - But another bug bites the dust!
« Last Edit: May 14th, 2012 at 4:50pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #19 - May 14th, 2012 at 4:39pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Update Session
Darn cold - Derek beat me to it.  Wink - But another bug bites the dust!

And yes Bill, we know that Sessions.pl is triggered by staying too long in the profile section - but the 'password only' part was working!

« Last Edit: May 14th, 2012 at 4:42pm by Dandello »  
WWW  
IP Logged  
 Reply #20 - May 14th, 2012 at 4:58pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Update Session
Dandello wrote on May 14th, 2012 at 4:39pm:
Darn cold - Derek beat me to it.

Actually, my subconscious did. I read this thread before I went to bed last night and had a dream that it was something to do with the scramble - I tested it when I got up, and indeed it was. Smiley
 
 
IP Logged  
 Reply #21 - May 14th, 2012 at 5:04pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Update Session
I still get amazed at how you figure this stuff out; and in your sleep, too!

Dandello seems to be able to do the same thing, and JonB as well.

Happily enough, just following what all of you do makes me just a little bit smarter when it comes to this stuff, so thank you all!  Smiley

I wonder what I'll get to learn next?  Wink Cool

 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #22 - May 14th, 2012 at 5:22pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Update Session
Update: Even after applying Derek's fix, the only re-authentication that works is using my password.

But that's cool. I really only want to use my password anyway.  Wink

Edited:
Derek Barnstorm wrote on May 14th, 2012 at 5:27pm:
If you mean it doesn't work for the profile timeout, then it won't. That isn't broken to need fixing - they're two separate things.

« Last Edit: May 14th, 2012 at 6:07pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #23 - May 14th, 2012 at 5:27pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Update Session
If you mean it doesn't work for the profile timeout, then it won't. That isn't broken to need fixing - they're two separate things.
 
 
IP Logged  
 Reply #24 - May 14th, 2012 at 6:06pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Update Session
So where else would Update Session invoke with an admin account?
 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #25 - May 14th, 2012 at 6:12pm
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Update Session
Bill Myers wrote on May 14th, 2012 at 6:06pm:
So where else would Update Session invoke with an admin account?

JonB wrote on May 14th, 2012 at 10:22am:
The Update Session only applies to two classes - Admins and Global Moderators.  AFAIK.

The easiest way to trigger it is to remain logged in on one IP, and start a new session from a different IP.  When you go back to the first session, you will likely find an 'Update Session' has replaced the Admin Button.  I believe another way to trigger it is to use and Administrative function on one of the boards - that starts a countdown timer.

When i did my testing, I used the sign-in from a different station method to trigger it.


Smiley

Smiley
 
 
IP Logged  
 Reply #26 - May 14th, 2012 at 6:21pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Update Session
When you've logged as admin from a different IP then gone back to the first IP (like you've logged in from two computers in two places.) I can trigger it by staying logged in as admin on my on-line test site from my desktop, then logging into the testsite as Admin on my iPad from Starbuck's, then going back to my desktop.

That's why this one doesn't show up all that often - unless you habitually log in as admin from different places, you won't see it. BUT, when you do trigger it, you also get a nice little 'Update Session' button instead of an 'Admin' button in the button array.  Wink

And Derek beat me to it... Grin
« Last Edit: May 14th, 2012 at 6:22pm by Dandello »  
WWW  
IP Logged  
 Reply #27 - May 14th, 2012 at 6:34pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Update Session
I had already tried doing what JonB outlined, and I didn't see any Update Session options, which is why I asked.

Maybe this doesn't apply in V2.4 like it does with the newest version (although I'm pretty sure it does).

Edited:
Yep! It does apply.  Roll Eyes

After all, I seem to recall a time or two when I previously got hit with an Update Session requirement when I was logged on with my admin account, so it's more likely that I'm simply unable to invoke it at this time.

In any case, Derek's fixes have always worked for me before, so I think I can safely presume that this latest fix of his did what it was supposed to do, and all is well.

No biggie.

On the note of changing the way a session is updated, I'm curious to know why anyone would want to use anything but a password since an alternate way to re-authenticate doesn't apply to a profile session.

Making such a choice would require two different ways to re-authenticate a session depending on what session was opened at the time.

I don't know; just seems a  bit complicated.  Roll Eyes

Edited:
Dandello wrote on May 14th, 2012 at 6:21pm:
When you've logged as admin from a different IP then gone back to the first IP (like you've logged in from two computers in two places.) I can trigger it by staying logged in as admin on my on-line test site from my desktop, then logging into the testsite as Admin on my iPad from Starbuck's, then going back to my desktop.

That's why this one doesn't show up all that often - unless you habitually log in as admin from different places, you won't see it. BUT, when you do trigger it, you also get a nice little 'Update Session' button instead of an 'Admin' button in the button array.  Wink

And Derek beat me to it... Grin

Oh yeah! That's when I had this happen; exactly like that, except I wasn't in Starbucks at the time; just in another part of the house.


Edited:
Edited to correct a typo; yet again.  Shocked
« Last Edit: May 15th, 2012 at 6:16am by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #28 - May 14th, 2012 at 8:30pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Update Session
Methinks this was either a mod that people liked or something somebody saw on other software and liked. I've seen similar options in blog software and similar security questions for identification confirmation for resetting passwords and such in other places.
 
WWW  
IP Logged  
 Reply #29 - May 14th, 2012 at 9:47pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Update Session
That makes sense.
 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
Pages: 1 2 3 
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.