1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed ACP login bug

Discussion in 'Resolved Bug Reports' started by Ryan Kent, Mar 17, 2011.

  1. Ryan Kent

    Ryan Kent Well-Known Member

    I regularly leave my home pc logged into my site's ACP. When I return to the pc my session has often timed out. I am not sure how the inactivity timer is supposed to work but I would highly recommend when a timeout occurs the screen should be changed from the current ACP interface to the ACP login screen.

    What happens presently is....I am on a given screen. I attempt to make a change and save it. The save fails with a message (sorry I don't have the exact message) and I am taken to the ACP login screen. My username/pw is already entered so I press log-in, and I am taken back to the screen I was working with last. I then re-make the change and save, and then receive a message "Security error occurred. Please press back, refresh the page, and try again." When I press back I am taken back to the ACP login screen, I once again press login and then one again receive the same Security error message. I am caught in a loop and need to retype my URL to fix it.

    This issue occurs for me on a daily basis so I can definitely duplicate the error if needed.
     
  2. PeterT

    PeterT Active Member

    That is so strange, I like yourself almost always have an ACP screen active, on sesion timeout I just log back in (as you say username and password already inserted by default on my local computer)

    Never experienced the error you mention, using Windows 7 service pack 1 Google Chrome and Firefox.
     
  3. Ryan Kent

    Ryan Kent Well-Known Member

    if it helps to know I am using Windows XP sp3 with FF 3.6.15

    If the issue cannot be duplicated I can make a recording of what I am seeing. I'll await to see what Mike/Brogan have to share on the matter.
     
  4. Brogan

    Brogan XenForo Moderator Staff Member

    The security error is due to an expired token.
    Are you actually refreshing the page before attempting to log in again?
     
  5. Ryan Kent

    Ryan Kent Well-Known Member

    yes I am certain I refreshed the page. I am logged in now so I'll just wait for it to happen again, then make a recording of my desktop.
     
  6. Mike

    Mike XenForo Developer Staff Member

    I can't reproduce this either - if you get logged out and log back in, it should let the form POST go through. If the request was just a get, then I suppose the browser could be returning a cached element.

    That video might make it clearer, or a set of clear steps (exactly what you're doing/submitting, including what page you were on, etc).

    I should also note that if the window is focused, you will stay logged in as long as needed.
     
  7. Ryan Kent

    Ryan Kent Well-Known Member

    ok, thanks Mike. The issue just occurred for me again and I made a nice video of it. It is uploading now. When I am done I will put it into my /community folder and put up a link.

    fyi the video is less then 2 minutes but it is 230mb. I know there is a way to compress it down but I don't have any video editing software, sry.
     
  8. Ryan Kent

    Ryan Kent Well-Known Member

  9. Brogan

    Brogan XenForo Moderator Staff Member

    From what I can see, the first time you received the error, you refreshed the page and then clicked back.
    So once again you were trying to log in with the same expired token.
     
  10. Ryan Kent

    Ryan Kent Well-Known Member

    That is not correct.

    The video capture software I used shows a red starburst whenever a mouse click is made. If you watch the video again, please notice:

    Attempt #1 - pressed back
    Attempt #2 - pressed back, refreshed
    Attempt #3 - pressed refresh, then back, then refreshed again
    Attempt #4 - pressed back, refreshed
    Attempt #5 - pressed log out of ACP, then logged in, issue resolved
     
  11. Mike

    Mike XenForo Developer Staff Member

    Things got lost in the shuffle - can you reupload the video?
     
  12. Ryan Kent

    Ryan Kent Well-Known Member

  13. Vincent

    Vincent Well-Known Member

    Is this really a bug? As you can see it is fixed after a logout-login.
     
  14. Ryan Kent

    Ryan Kent Well-Known Member

    A program not behaving as designed is the definition of a bug.

    The program clearly instructs users to "press back, refresh, then try again". You can see those instructions were repeatedly followed, and variations were attempted, nothing worked.

    If the intended behavior is as shown, I would recommend re-wording the displayed text, and after the security token expires the ACP should be changed automatically to the login screen.
     
  15. Vincent

    Vincent Well-Known Member

    Yeah, okay :)
    Please re-login would be nice :D
     
  16. Mike

    Mike XenForo Developer Staff Member

    I've managed to fix this now - this only occurs if you left the ACP open (and inactive) for 24+ hours I believe (or you otherwise changed the user you were logged in as). That's why it doesn't happen to everyone.
     
    Oracle likes this.

Share This Page