What version of SMF was running on the old site? I can try doing a quick diff to see if anything’s changed in the logout module.
Realized just after my post that I could just check an archive.org snapshot of the forum. Looks like it went from 1.1.16 to 1.1.21. To spaghetti land I go…
Luckily not much was changed so it was pretty easy to track it down.
In 1.1.19 they added some code in LogInOut.php that changes the users password salt whenever you log out. When you switch to another browser, the hash matching fails since it was generated with a different salt, and you get logged out.
The offending code is at lines 463-464. I have no idea how to make a modification for SMF but I guess you could just try commenting out those lines to start with, to see if it works.
The call to session_destroy() on line 462 is also added in that change, but I would expect that is independent for each browser session so I don’t think that’s causing any issues.
bmnielsen, you rock!
I just get angry when I look at SMF code. :wink:
I’ll see what I can do but it seems like this might be a security fix/hack.
Yeah, I thought of that as well. The changelog just says “Sessions weren’t always cleaned up properly on logout” though, which doesn’t really indicate a security issue. I’m thinking that adding the session_destroy was the important thing for that.
Update? Were you able to fix everything on the forum side? Should I revert the changes I made to TripleA to remove the logout step?
No. I’m not going to have time to touch anything until after GenCon.
Alright, well we are planning to release the next stable version of TripleA shortly. Did you want me to release the change to remove axisandallies.org session logout when posting games?
Alright, well we are planning to release the next stable version of TripleA shortly. Did you want me to release the change to remove axisandallies.org session logout when posting games?
Yes, let’s try that.
I got around to posting a failing turn summary in debug mode. The forum is just returning 404 not found with no additional information. I believe this is in line with what someone else reported earlier when they were manually attaching a file.
So not really anything to do about it in TripleA, besides potentially showing a different message when that happens.
1.8.0.7 is now released and it removes the TripleA log out call so if you download it you should no longer be logged out every time you post a turn.
Doesn’t work… won’t load games. Tells me there is no dice server.
All issues should be resolved now with 1.8.0.7. You should also no longer get logged out of A&A.org when posting turns from TripleA. Let me know if anyone still has issues related to this.
My thanks to all those involved in sorting out these issues. Very much appreciated I am sure by everyone. :-)
