…that’s been puzzling me for about three months now. Carleas and I have been discussing it ad nauseum for a while, but have arrived at no real answer.
I’ve had to request a new logon password several times since Sep. of this year. I’m able to use the password for a few weeks, then it stops working and I have to request a new one in order to log onto ILP. How can that be?
I don’t set cookies, nor can I give them expiration dates. I’ve made no changes other than setting the new password, as needed. Most often, I don’t even log out when I leave the site. Since Carleas has had to reset my password twice, now, I need to reset it in order make it totally private; I hesitate doing so, however, without some idea of why I have been forced to do so so often.
Please don’t suggest that I do this, this, or this–you’ll only be covering ground Carleas and I have been over several times. Simply tell me if any one has had this problem–here or at another site. If so, were you able to discover what was going on? Thanks, Liz
It happened to me on a few sites, and I think the problem was at their end not mine, as their sites always played up whenever I tried to sign in - try emailing their help centre to ask…
When I was a kid on AOL I would run progs and crack the passwords of the kids I didn’t like, change their passwords and render them unable to log on. Maybe something like this is happening to you.
phyllo, mags, and smears, No, I haven’t tried a new browser, but I may have to. Mags, the whole conversation with Carleas is the result of my e-mailing the help site. He’s just as much in the dark as I am. Mags, did you ever determine why and/or how you lost your password? smears, I’ve thought of that, but why should anyone do that to me? It takes a lot to break into firewalls, find a computer generated password, and change or delete it. I refuse to be that paranoid. I’m simply not that important.
FJ and vol, as usual, while your comments add absolutely nothing, it’s a pleasure to see your responses. It means, to me, that you read my posts! What a delight.
Liz, your description of the problem isn’t entirely consistent with our conversation. The most recent time you had trouble loggin in, you said you had misplaced the email with the password I had set for you, and that that password had worked when you were involuntarily logged out on another occasion. It is possible (probable) that that password would still have worked to log you in.
I don’t think this is a case of hacking. To my knowledge, phpBB has no unpatched vulnerabilities, and while I’m no wiz, I keep the server pretty well locked down. In any case, it would be shocking if someone were hacking us for the sole purpose of changing one member’s password.
I still have all the e-mails we’ve exchanged, except for the one that was there one day and gone from my delete file two days later. I’d be very willing to share them if you’d like. I’ve explained the process I have to go through in order to permanently delete my delete file. I never said anything about being involuntarily logged out. I’ve said many times, in fact, that I never log out of a forum site.
I know you do your job well and you’ve been most gracious and kind to me over the past few months. I believe I also mentioned someone who has the hacking ability, who knows the phpBB program (it’s used by so many forum sites,) who can and has gone into PMs and posts either to delete or to ‘edit’ them and has done so to several people, not just me. I don’t know why s/he did it other than out of insanity.
With every exchange, the basic question gets more definition. Is it possible for someone who knows the program intimately–who can and does hack into it at one site–to hack into it at another site? Iow, are there controls that keep even the owner of the site from messing around with it?
I really do trust you, Carleas–I don’t trust the other one.
The vast majority of computer problems have nothing to do with hacking.
If I were you, I would look at the process of using the password - entered every time? password manager? log me on automatically setting? And trying to figure out if it is being lost or corrupted somewhere along the line.
Every instance of phpBB runs separately. phpBB is like a program running on your home computer. In the same way that your Microsoft Office is separate from your friend’s, ILP’s phpBB is separate from all the others.
That’s the one I’m talking about. It contained your password, and you used it on more than one occasion to log in. I say that you were involuntarily logged out because the way you described the problem to me seemed a lot like you weren’t logged in:
This is all consistent with not being logged in. I say that it was ‘involuntary’ because you’ve said that you check the “keep me logged in” box, and that you don’t manually log out.
At another point, you mentioned that you were experiencing this problem,
I take that to mean that the first time it happened, you found the password I sent you, logged in, and the problem went away. The second time, you weren’t able to log back in because you couldn’t find the password to do so. All of this is consistent with you being logged out due to the expiration or deletion of a cookie.
Of course, this could be hacking, could be some kind of evil actor following you around the web and logging you out and deleting your emails, or could (as I understand SIATD to be insinuating) be a cruel game orchestrated by the administrator who’s since spent hours working with you to make sure you can access the site. All of those things are possible. But they are exceedingly improbable. The probable explanation is that ILP do longer accepted the cookie that stored your login information, so you were involuntarily logged out and were unable to log back in without the password. The unexplained event in that case is that your email was missing, but as someone who can never find anything I’m looking for or remember anything I’ve done, I would not put that past human error.
Carleas, who or what sets the ILP cookie? Who or what sets an expiration date on that cookie? How can the cookie be deleted–inadvertently or not?
And, please, please, please get the time-line accurately. I’ve said it before: I went to ILP and noticed I wasn’t logged in. I tried to do so, but couldn’t, so I went into my e-mail delete file and found the e-mail you’d sent me. I copied the password and pasted it into the appropriate box, asked that I be logged on automatically and that my password be remembered. I was then able to log on. I did not log out–I never do. Two-three days later, I noticed, again, that I wasn’t logged on. I went back into my deleted file and couldn’t find your e-mail that contained the password. I found everything else, but not that particular one. It takes three steps for me to permanently delete an e-mail, the second of which is to get in touch with the ISP. I haven’t cleared that file for months. So how has this all happened? Why have I had to request a new password at least 5-6 times in the last 4-5 months?
I agree, phyllo, the vast majority of computer problems have to do with human error. I’ve gone through the process of using my password. I don’t enter my password every time I come to this site–I don’t log out. My computer is supposed to remember my password for the site and I always ask to be logged on automatically. I am trying to figure out what’s going on. That’s why I started the thread!
I really don’t like feeling paranoid–I’d rather quit the site (only then I’d miss out on those terribly exciting arguments you have with Mo–and other such memorable discussions–most of which I’ve forgotten for the moment.) But if it happens again, I probably will leave. To me, my privacy has been violated, as it was at the ‘other site.’ There’s nothing here more important than one’s privacy.
Okay, if you are using ‘Log me in automatically’ there are a few possibilities:
the cookie expired ( I think that it’s set not to expire. Not sure.)
the cookie got erased when browser history got cleared out ( Do you do that kind of cleaning?)
the cookie got corrupted ( Might happen if you computer/hard disk is old. You would probably notice some other things not working properly.)
you logged out
If you don’t want to enter a password every time, I would suggest using the password manager in your browser. That would bypass any cookie problems and you would not need to remember your password.
Don’t do it! This will allow Carleas to know your dog’s middle name, your shoe size, the color (and fabric) of your favorite sweater and the per capita turnip consumption in French Indochina before the war!
