Jump to content

New forum sessions

Sparda

By Sparda
in Forums and Wiki

 Share

Recommended Posts

Sparda Newbie

Sparda

Posted
Posted

On the old forum, I could 'login' on three computers and the sessions would be perminant unless I loged out or deleted the cookie.

The new forum only seems to be be able to remember one session. I could copy the cookie to the other compters, but thats alot of effot.

Is this intentional or just the way the new forum is?

Also, just for fun, I oppend a old session on another computer and it logged me out of my current session.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

Can we has SMF back please? We is sad without it...

kitten_die.jpg

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
  • Author
Posted

The forum been unable to manage sessions properly is getting rather irritating. Been able to login on my laptop at home then take that laptop else where (perhaps to some unsecured network) and use the same session is far more secure then sending my password over the unsecured network, this forum seems to refuse to let me do this.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted
The forum been unable to manage sessions properly is getting rather irritating. Been able to login on my laptop at home then take that laptop else where (perhaps to some unsecured network) and use the same session is far more secure then sending my password over the unsecured network, this forum seems to refuse to let me do this.

Having the session transmit from another location vs entering your password from said location is no more secure than the other. Ferret and Hamster would capture the session and allow someone to login as you just by clicking a link in the browser, so unless its SSL traffic or some other encrypted transmission, any transmission of data on an unsecured network is pretty much public disclosure weather we want to admit it or not. No site should allow you to login based on continuously on the same session data anyway, otherwise it becomes a flaw that anyone can spoof your login. I found a site whos forums had session data show up un a google search one time and I was able to log on to the site as another user by using just the php session data, so each time you visit, it should change and not allo wyou to use the same session data or something a lot worse than me logging in as a general user could happen. Someone gets ahold of the admin session data and it relies persistent, then anyone can log on as the Admin.

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
  • Author
Posted
Having the session transmit from another location vs entering your password from said location is no more secure than the other. Ferret and Hamster would capture the session and allow someone to login as you just by clicking a link in the browser, so unless its SSL traffic or some other encrypted transmission, any transmission of data on an unsecured network is pretty much public disclosure weather we want to admit it or not. No site should allow you to login based on continuously on the same session data anyway, otherwise it becomes a flaw that anyone can spoof your login. I found a site whos forums had session data show up un a google search one time and I was able to log on to the site as another user by using just the php session data, so each time you visit, it should change and not allo wyou to use the same session data or something a lot worse than me logging in as a general user could happen. Someone gets ahold of the admin session data and it relies persistent, then anyone can log on as the Admin.

I'm going to use a phrase my friends laugh every time I use it at this point.

"Actually, I disagree"

If they steal my session, thats bad, if they steal my password, that is much worse. If some one steals my ssion they can pretend to be me, post as me and pm people, that stops as soon as I step in and click "logout" then login again on a secure connection. With out my password they can't change my password. Hence, much more secure.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted
With out my password they can't change my password. Hence, much more secure.

Yeah, I can see your point there.

Link to comment
Share on other sites
Matt Lestock Newbie

Matt Lestock

Posted
Posted

There are security measures besides sessions.

For users, your login keys expire every 7 days if not used, your session is mached to your IP during session validation, among other things,

All of the other issues including sessions expiring, and not being able to login from multiple places should all be resolved now that we've corrected some settings in the cookie properties.

And if you want to quote a single post, you want to click REPLY. If you want to quote multiple posts click quote for each post you want quoted and then click add reply at the top or bottom.

SMF is garbage, and we will not be going back to it.

Matt

Link to comment
Share on other sites
SomeoneE1se Newbie

SomeoneE1se

Posted
Posted
SMF is garbage, and we will not be going back to it.

First off SMF is not garbage it worked just fine for the entire time we've used it, and just because y'all don't like it doesn't make it garbage. Second we've had more problems with this install of IPB in the first week then in the entire time we've used the SMF.

And what was the real reason for the move to IPB?

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted
First off SMF is not garbage it worked just fine for the entire time we've used it, and just because y'all don't like it doesn't make it garbage. Second we've had more problems with this install of IPB in the first week then in the entire time we've used the SMF.

And what was the real reason for the move to IPB?

QFE!

We could have just skinned SMF to look like the new IPB forums. + We could have built upon it to add features you wanted from these forums, but in overall functionality, I think SMF worked better. Maybe it was harder to configure, or didn't have some feature you wanted, but I seriously do not like the new forums other than the look/skin/style of it. Everytime I come back, it seems there is a new post to view, only I go in, and have read all the ones I want to see. To fix it, I have to mark the thread as read, which is just silly to have to keep doing to see new posts. If I don't read a thread but viewed that section, SMF was smart enough to grey out the icon so I knew that there wasn't new topics to read. IPB doesn't seem to do this.

The reply area is too bulky and clumsy. I shouldn't have to scroll up and down so much. Quick reply is nice to some extent, but when you quote someone, you get this like 1000 pixel scroll down to hit the submit button with all these extra links and functions we never use. How many people are going to use that attachment function? Other than maybe some people with no hosting, but I can't see a need to have uploads for forum software other than to show your avatar.

SMF seemed faster, more light weight. IPB seems bulky and clumsy.

About the only new thing I like from it is the profile pages are a little nicer and have that friends and comment boxes so you can quickly chat with specific people, although, I think comments from mutual friends should be private two way conversations. I also like seeing who recently visited my profile, but these are all nice extras, but things that don't contribute to the functionality of the main forums themself.

Now, these are just my opinions. Please don't take offense, but I would say that there is a lot to be desired about SMF from a user's perspective. Maybe not so much form behind the scenes and the administration side of things, but for us, SMF seemed to be our sweet spot.

Maybe there should be a poll to see what the community thinks? What do they prefer? What ideas do we have that we would like to see change on IPB to better serve the functionality of the forums?

One unique thing about Hak5 is it is as much community run as it is anything else, so if we all sound like a bunch of whiny little bitches who complain about every little thing, it's because we all take so much pride in Hak5, the show, and the community side of things, liek the forums, IRC, etc.

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
  • Author
Posted

For me, the pressing the quote buttons add each message to the message I wish to add (by pressing the "Add Reply" Button near the bottom of the page. The reply buttons next to each page quotes on that that message, I actualy perfer this method.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...