everytime i visit this forum and try to post a thread, i will be prompted to enter username and password. again and again. can the login cookies be remembered for a week or a month after i login ?
redhatlinux10 wrote:
> everytime i visit this forum and try to post a thread, i will be
> prompted to enter username and password. again and again. can the login
> cookies be remembered for a week or a month after i login ?
No, this forum is far more important than any of the other forums that
you visit so the security settings are, shall we say, extremely unusual.
(The importance may not be apparent to you but it is to the admins.)
I’d recommend using NNTP.
Only thing you can do is keep one browser window with a forums page on it open. I have one iconized during the whole day and can go then to forums pages and be loged in on them. Thus I log in only once a day.
This describes a vulnerability issue. More and more forums turn to having to login (at least) every time the browser is started, forums page opened.
this is annoying for me, at least.
What was much more annoying to a friend, was his hacked forums account, finding out about the fake posts and his being banned from his favorite forums. On a windu machine though.
i understand. appreciate for your reply.
It would appear that on Dec 4, hcvv did say:
> Only thing you can do is keep one browser window with a forums page on
> it open. I have one iconized during the whole day and can go then to
> forums pages and be loged in on them. Thus I log in only once a day.
How long is a whole day to you?
Pardon me for jumping in here but:
It seems to me that when I first set up a new copy of opera to login
{on a new install} And, since I don’t leave javascript turned on globally,
I had to edit the “site preferences” for each step of the process.
I think I needed forums.opensuse.org, opensuse.org, novell.com, & suse.com.
Anyway at one point before I had done them all, I seem to remember that Novell
mentioned a time limit to the login… It was as I recall several hours long,
but it did seem to imply that after that period it would expire…
Though perhaps activity automatically extends the login authorization?
But it’s almost a moot point as the NNTP interface is easier, even if a bit
less graphic. I wish the other forums I use had an NNTP gateway…
–
JtWdyP
On Tue, 04 Dec 2012 21:46:28 +0000, JtWdyP wrote:
> Though perhaps activity automatically extends the login authorization?
That is true now - a change was implemented a couple weeks ago that pokes
the authentication server and keeps the session active whenever you do
something once you’re logged in.
Jim
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
I can add to Jim’s remark, that indeed it is not allways the whole of my “working” day. Yesterday e.g. I hibernated my system for a feww hours and was loged out when I switch it on again. But for the purpose of the OP I thought that it is a huge improvement even if I did not tell him all the details.
Normally, you should have an inactivity window of 8 hours. However, I ran an upgrade to the login system on Monday, which introduced a bug that has forced me to restart the login system a few times this week. This clears everyone’s sessions, so that’s probably what you saw yesterday. I put in a patch yesterday that seemed to resolve the issue, so we should be back to business as usual.
knocks on wood
Just as an FYI on that…
The reason that you are asked to do javascript on the other sites is from a feature that was added a few weeks ago by the marketing team. Since we can’t use a single cookie across all those domains, we have a piece of javascript that will asynchronously request a small piece of content from each site that is fronted by Access Manager. This allows each domain to set a cookie, so you can get a better SSO experience across the different domains. It’s actually a pretty nice solution, and most people aren’t even aware that anything like that is going on.
Of course, you have noticed that if you have strict script settings, you’ll probably need to accept javascript from each of those domains to make it work. You really only need the opensuse.org javascript for the best experience on openSUSE sites. You don’t need to accept the Novell or SUSE javascript, but you may not get the seamless SSO experience when visiting those sites. Just wanted to make you all aware of what is going on and how you can choose your security settings accordingly.