Spontaneous logouts

[hayden]

I may have some new info on this problem. I've created a little cmd file that will log a dir listing of the TBN cookies. I've been running it at various times while browsing TBN. Each time you navigate "down" on TBN, the old cookie is deleted and a new one is created. When I get logges out, the cookie that's left doesn't have login info in it.

Earlier today I caught a before and after. At 4:35 my cookie was good. I then navigated to a different page and was still logged in. However, I then looked at the new cookie and it didn't have login info. The next time I nagivated sure enough I was logged out.

Somehow the process of updating the cookies is causing the user ID info to get lost. The client is then left with a cookie sans user id info, and the next navigation causes a logout.

My guess is that there is a race condition in the server software associated with the deletion and creation of cookies while navigating. I think it's very unlikely this is a client problem. I'm not seeing cookies get deleted, they are just being created without user info. I think it's very unlikely that some program is altering TBN cookies.

Hakim, Muhammad, any ideas?

 

[texasjohn]

Hayden, tip o the hat to you..... nothing like an analysis tool to provide information and hard data for problem resolutionj!!!

Great job...

By the way... I've stayed logged in for several hours... but haven't been doing any TBN surfing... am back to it now...will see what happens.

 

[hayden]

Texasjohn - Thanks, but it's completely self-serving. These logouts are driving me nuts, and it's being brushed off rather than debugged.

Just before posting this I got wacked again and notices something else that might be significant. I've been watching the size of the cookies as an indicator of a problem. A smaller cookie indicates there is no login info.

Anyway, I noticed a small cookie and looked at it. It DOES NOT include a userid, but it DOES include a TBNpassword. That seems very odd to me, but I don't know what TBN's server algorithim is so I'm only guessing. The LastVisit and LastAccess fields were missing too.

TBN programmers, I'll bet you a Boxblade that this is a server issue. If you can put a trace on all the cookie activity when I'm logged in, I bet you can figure it out. I'm looking at the boxblade now and it has your name on it

 

[Ibrahim]

We can't, actually, track cookies on the client's side.

Our forum will tell your browser to make a cookie or delete one (or you can delete them at any time, of course.) And what it does is simply query your client for the cookie.

So we have no way of tracking an individual's cookie status.

Let me ask one other thing: Does this happen on both FireFox and IE?

-Ibrahim

 

[texasjohn]

Hayden...I think that you are on to something that between all of us we can use to get a handle on and understand and fix the problem...I sense that the TBN programming team is willing to assist and address the problem with us.

What about sending me the cmd file you have... maybe we could see some common things between the two of us?

Your observation would explain, perhaps, why sometimes I'm automatically logged in and why sometimes I am not... no ID=no login.

you can send me a PM/attachment... but post as well so I know to go look at my "spam" mail since your address is no known to my filters.

 

[Ibrahim]

In firefox I can view my cookies and I can see my userid and password one are set to Expire Sunday.

That might also be something worth checking into. Find out what Firefox says your expiration date is.

 

[Hakim]

Here is a free utility that will find and read all of your cookies. Among the data this tools finds is the expiration date, which as Ibrahim said may be of interest. If you use Firefix, tools/options will allow you to view cookies.

You'll see that there are a dozen or more cookies for TBN. Some last years, some expire at the end of each session. Unless you know exactly what these are for and how they work, it is pointless to "compare" yours to anyone elses. The point is that they are specific for your machine.

Karen's Cookie Viewer

When I ran it, more than a dozen different cookies were found, all for TBN, expiring between 7 hours and 364 days from now.

Five or six people here log on to TBN from three different locations on 11 different PCs, as well as mobile devices -- and we do not have this issue.

Amongst our many thousands of daily TBN users, just a few report this problem. My cookies were last set in January, 2008, and I have never relogged in since then.

So ...

Some of the cookies will be written as tractorbynet.txt or www.tractorbynet.txt(1) or as the case may be.

Trying to read and compare your cookies is unlikely to find the problem. The cookie's content changes constantly, because it is updating many things like "last page visited", threads you are subscribed to and so forth.

Use Karen's Cookie Viewer, or the Firefox cookie viewer, and locate all of your TBN cookies. Close and reopen your browser. There will be some written as "tractorbynet" and some as "www.tractorbynet" Find ALL of them. Delete. Then log back in fresh. See if the problem recurs.

There is also a possibility that your ISP is caching some of your TBN pages. Check to make sure you are updating on "every visit to the page" and not "every time the browser starts".

Hakim

 

[Hakim]

Just to cover the obvious.

When you log in with your UserID and password, make sure right below the form fields that the "Remember me" box is checked.

 

[hayden]

Guys, thanks for jumping in. I'll try the viewer utility. Reading back through this thread there are people with both Firefox and IE who are experiencing the issue.

Yes, I use the "remember me" check box, but thanks for asking. It's always good to be sure it's plugged in.

I realize you can't view cookies on the client side, but presumably you can look at what you asked to be stored in the cookie and what was returned to you to check for annomolies.

Does it make sense, for example, that I should be logged in, but have a cookie with a password but no userid? That was the situation I had, and on my next pages access I became logged out. It seems odd to me that there would be half of the login info present in the cookie, but I'll reiterate that I'm not versed in web programming so I don't know all the mechanisms for cookies. That said, I'm guessing you can ask for a cookie to be created with certain contents, fetch the contents of a cookie, and delete a cookie. Perhaps they can be edited, but the same could be accomplished with the other primatives.

I see the tractorbynet.com and www.tractorbynet.com cookies as well as classified.tractorbynet.com one. All have a [n] suffix which presumably to track generations.

I don't doubt that you guys aren't seeing the problem. It's clearly not impacting everyone, but that just means it's a somewhat rare set of events that causes it. Where ever the issue lies, it sure would be nice to figure it out, and you guys weighing in will help a ton.

 

[hayden]

I checked the expirations with Karen's tool. the www.tractorbynet[1].com.txt cookie has expiration dates a year out on all the keys. The tractorbynet.com[1].txt cookie has the _utmb key due to expire in a few hours.

For whatever it's worth, attached is an example of one of the half-baked cookies (password by no userid).

 

[MikePA]

Does it make sense, for example, that I should be logged in, but have a cookie with a password but no userid?

Yes, that's what I have.

 

[Hakim]

Hayden,

It will make no sense for you to try and read and understand all of the cookie data. As I said, there are going to be maybe up to 10 or 12 of them, not just one. There is encrypted data in all those cookies. You cannot understand it unless you are a C++ and HTML programmer.

It is beyond our expertise (Ibrahim, Muhammad, Hakim). We have forwarded the details of this issue to our database administrator. He is one of the best in this nation. He will look it over. However, as I have said, I am not optimistic that it is a server or forum software issue. Usually these are related somehow to your own background utilities, anti-virus checkers, and related programs.

Did you locate and delete ALL of the TBN cookies, restart the browser and log back in?

You would be astonished at the hundreds of processes that are running all the time, and all the Windows OS modifications that get made via updates, and especially "automatic" updates. Many add-on programs get linked in, especially to browsers, without telling you.

Until we can duplicate it from one of our own three locations or 11 PC's, I am afraid we are just guessing. It may seem logical that we should be able to "see" what it happening on your system, but we cannot. The only action of the server is to query your system ask ask if a cookie is present, then if so, to read it.

Many "security" software programs will add all kinds of restrictions, such as not allowing "referral" to other cookies and so forth. This could be part of the issue. Also, someone else mentioned their same problem was solved by getting fully up to date with Windows updates. Did you do that?

Texasjohn (also claiming this issue) said he is running COMODO SAFE SURF, COMODO FIREWALL, AVAST antivirus -- one or all of which can alter cookie behavior. BTW, dozens and dozens of "utilities" cause problems like this.

Here is a blurb on the first "utility":

Comodo SafeSurf Browser Toolbar
The Comodo SafeSurf Toolbar protects against data theft, computer crashes and system damage by preventing most types of Buffer Overflow attacks. This type of attack occurs when a malicious program or script deliberately sends more data to a target applications memory buffer than the buffer can handle - which can be exploited to create a back door to the system though which a hacker can gain access. Comodo developed the SafeSurf Toolbar explicitly to protect end-users from these kinds of attacks whilst they browse the Internet. After installation, the program will monitor and protect the memory space of all applications that are running on your system and immediately block any buffer overflow attacks.

"Protect memory space" would/could mean dumping out of a script call that it felt was "suspicious". There may be ways to tweak the settings of Comodo, or to list "exceptions" that will not be affected by the "safe surf" protections.

"Comodo Safe Surf Toolbar - not safe"

At least one expert site has issued a warning about various problems with Comodo: "After testing the toolbar ASG has found that the comodo toolbar saves your search history. You must manually clear it every time on your own. There is no automatic feature that deletes it for you... ASG considers this toolbar not to be safe because of this issue. A toolbar that is made for security should not contain a security flaw."

It is surely possible that this is somehow in confilct with TBN cookies.

I believe that Comodo toolbar utility is still in a beta version, and often beta versions install with default parameters that are excessively conservative. In any event, we have no way to know how all of these and other programs may be interacting with TBN.

There are some very high end tools that could be used on your machine to look at the actual execution of code. But we do not have the support staff to walk users through using those kinds of utilities.

It is also possible that your pagefile size, or Internet cache size, could be causing this. When was the last time you cleared your cache?

It is also possible that if you are using a "satillite" service for Internet access, or even one of the cable systems, their "page caching" could cause issues like this.

Usually the next debug step would be for you to log in via safe mode and if the problem goes away, you need to disable or uninstalll of of those system utilities; add them back one by one until the problem "re-appears." Then you'll know the cause.

Unless quite a few more than 3 or 4 (out of 350,000) users have the problem, or until our sysadmin provides further insight, we have expended as much resources of personnel as we can to try and assist with this issue.

I will post here again if I have new info to report.

Hakim

 

[hayden]

I understand the need to triage problems. I'll keep experimenting on my end to see if I can find anything that changes the behavior.

 

[Hakim]

We are continuing to look into this issue. We have determined that our server systems are operating properly.

We are now investigating the forum software parameters. Since there are so many features and operational aspects for our software, and many custom modifications, this will take some time.

We will update you if and as we discover more.

Hakim

 

[MarkV]

Hakim thanks for taking a closer look at the system. I am not enough of a computer guy to be of any help but it sure is frustrating having to log in 3 or 4 times per session. The part I could not understand was that TBN was the only forum this happened on for me. That said, I just switched to a new Mac from an older PC and I have not been logged out during the two days I have used it.

Hayden I still wonder if Muhammad has had it with us guys that have been on the forum so long.

Thanks,
MarkV

 

[hayden]

Hayden I still wonder if Muhammad has had it with us guys that have been on the forum so long.

Thanks,
MarkV

They'll have to try harder than that

 

[Fiero guy]

There was a MS automatic update that went out a few Tuesday's ago, that caused all sorts of havoc for internet users--both business and personal computers.

 

[TBDonnelly]

I'll raise my hand too. I keep getting logged out of TBN on a fairly regular basis.

Don

 

[Muhammad]

Try this:

1. Go to http://www.tractorbynet.com/photos/cookies.php

2. Click on "Delete these cookies" button.

3. Log in to the forums again.

Let me know if that helps.

 

[Fiero guy]

It just happened to me, but I had just spent about 20 minutes typing out a long reply to one of the discussions, so maybe the software saw it as me not being here anymore due the lack of activity on my mouse. Clicked "submit reply" and it took me to a "not logged in" page. The long post lost to the wind. Just as well I suppose.
BTW, brand new Dell computer, XP with all updates, no viri, no user software installed. IE6.0.6200.
Don