Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Logged in status does not persist (http://perlmonks.org/ + no "third party" cookie)

by parv (Priest)
on Apr 29, 2012 at 20:30 UTC ( #967973=monkdiscuss: print w/ replies, xml ) Need Help??

Since last few weeks, after logging on to http://perlmonks.org/ whenever I hit "vote" or "I've checked all these" buttons, I get the "Log in" form in the right hand column. Removal of the existing cookie & retry led to nowhere.

I have been using Opera 11 with "Accept cookies only from the site I visit" option chosen. One of others is "Accept cookies". If I choose the latter option, the logged in status persists.

So tell me please which *sites* try to give me a cookie here? Would starting from http://www.perlmonks.org/ be a better option (so that I could choose a narrower cookie acceptance window again while still being logged in here)?

Comment on Logged in status does not persist (http://perlmonks.org/ + no "third party" cookie)
Re: Logged in status does not persist (http://perlmonks.org/ + no "third party" cookie)
by roboticus (Canon) on Apr 30, 2012 at 13:36 UTC

    parv:

    Perhaps you should use perlmonks.com instead? I seem to recall having a similar issue a few years back when I was using the .org domain, as most of the links seem to reference the .org domain. Of course, I don't do web stuff, so I could be talking through my hat.

    ...roboticus

    When your only tool is a hammer, all problems look like your thumb.

      FWIW, the same code runs on .com/.net/.org, each of them set the same cookie but for different domains, so Corion can be logged into .org as "Corion", and as "Co-Rion" into .net and "Anonymous Monk" into .com

      What you probably experienced was someone linking to a different TLD using full url, instead of using a relative link (  [id://] )

        This is true, but doesn't fit as a solution to the problem stated as

        whenever I hit "vote" or "I've checked all these" buttons

        ... because these buttons should submit to the same domain the original page was served from. Vote buttons or the "I've checked all these" shouldn't be visible for domains where you are not logged in.

        I don't have any experience with Opera so I don't know if deleting a cookie once blocks it for all time like with Firefox. I think that Perlmonks sends a cookie to whatever domain you've used to log in - maybe there is some tool for Opera to inspect what headers get received from the server when logging in and whether Opera actually considers the cookie to be valid for the current page...

        Update: The easiest explanation would be a wonky localtime setting on the machine. If the cookie is sent with a timeout that is (according to the machine) in the past, the browser would immediately discard the cookie.

Re: Logged in status does not persist (http://perlmonks.org/ + no "third party" cookie)
by parv (Priest) on May 01, 2012 at 16:04 UTC

    After a tcpdump, I saw that after perlmonks.org has been resolved to an IP address, that (IP address) gets resolved to perlmonks.pair.com host name. Hence the cookie problem with using "Accept cookies only from the site I visit" option but not with "Accept cookies".

    Now, if log in on perlmonks.pair.com AND choose "Accept cookies only from the site I visit" option, I have no more ephemerally logged in problem.

      Ah, so the problem is that reverse DNS is broken. I'll have to file a ticket with pair.com and perhaps a request with the host of our DNS config (I'm not sure the host of our DNS can even do anything regarding reverse DNS).

      Thanks.

      You should probably file a bug against your browser, since rejecting cookies based on reverse DNS is something that one should at least be able to disable (and that probably shouldn't be enabled by default). My guess is that it is some attempt at "security" but it seems rather pointless (as well as disruptive).

      - tye        

        Ah yes, "reverse DNS" is the phrase.

        I just checked in Firefox 12.0, where turning off "Accept third-party cookies" while "Accept[ing] cookies from sites" did not cause the problem observed in Opera.

Re: Logged in status does not persist (http://perlmonks.org/ + no "third party" cookie)
by tinita (Parson) on May 01, 2012 at 23:04 UTC
    I'm also using opera, version 11.62 on linux, and I also use "Accept cookies only from the site I visit", and I don't have that problem, not on perlmonks.org and not on www.perlmonks.org.

      Quite possibly you may be accessing 216.92.34.251, not 209.197.123.153 ...

      # Reverse DNS lookup. { dig -x 216.92.34.251; dig -x 209.197.123.153 ; } | awk '!/^;;/ && /p +erlmonks/' 251.34.92.216.in-addr.arpa. 7122 IN PTR perlmonks.org. 153.123.197.209.in-addr.arpa. 7192 IN PTR perlmonks.pair.com.

      ... if you are accessing the 209 IP address, I would be very interested to compare the Opera settings.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: monkdiscuss [id://967973]
Approved by davies
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (9)
As of 2014-10-30 23:23 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (211 votes), past polls