PDA

View Full Version : Permission/Settings


jk2-digger
04-12-2002, 10:14 PM
JediKinghtII.net Forum:

First you make us have to have an account to search the forum.

Then you make us have to have an account to read the forum.

Then after detailing a post for over 20 minutes with accurate and insightful information to help users running dedicated servers of your product and clicking preview post your server told me to login in again b/c I was no longer logged in and I lost all of the details of what I had written.

Why?

Why?

-and-

Why?

This is not a user "functional" design and actually hinders the communities involved (the USENET, the Gamers, and the Admins).

Please reconsider these settings.

Metallus
04-12-2002, 10:23 PM
I've actually experienced this myself, and the way to avoid it is by doing this: Login where it says "Not cookied? Login with username and password" at the bottom of the main lucasforums screen (only appears when logged out). Make sure you've got cookies enabled.

jk2-digger
04-13-2002, 06:34 PM
Sorry, but I personally don't agree witht he idea of everything being stored ina cookie. Not only is this waste of resources, but also an incredible security risk. It may only be a forum, but someone can get passwords and other such info out of a cookie that can be used against you. Just my two cents.

matt--
04-13-2002, 07:45 PM
The only info stored in the cookie is your userid, not your username, and your password hash. How can that be used against you?

jk2-digger
04-14-2002, 01:13 AM
===============
The only info stored in the cookie is your userid, not your username, and your password hash. How can that be used against you?
===============

If that is the case how does it maintain your logged in status?

matt--
04-14-2002, 04:34 AM
You're authenticated each time you load up a page through the cookie. The page reads your hash and your id, compares them to the id and hash stored in the database. If they match, and your IP hasn't changed since your last login, it recognizes who you are...otherwise, it asks you to login.

If you're really paranoid, I suggest you configure your computer to periodically clear your cookies.