• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed  ACP login bug

Ryan Kent

Well-known member
#1
I regularly leave my home pc logged into my site's ACP. When I return to the pc my session has often timed out. I am not sure how the inactivity timer is supposed to work but I would highly recommend when a timeout occurs the screen should be changed from the current ACP interface to the ACP login screen.

What happens presently is....I am on a given screen. I attempt to make a change and save it. The save fails with a message (sorry I don't have the exact message) and I am taken to the ACP login screen. My username/pw is already entered so I press log-in, and I am taken back to the screen I was working with last. I then re-make the change and save, and then receive a message "Security error occurred. Please press back, refresh the page, and try again." When I press back I am taken back to the ACP login screen, I once again press login and then one again receive the same Security error message. I am caught in a loop and need to retype my URL to fix it.

This issue occurs for me on a daily basis so I can definitely duplicate the error if needed.
 

PeterT

Active member
#2
That is so strange, I like yourself almost always have an ACP screen active, on sesion timeout I just log back in (as you say username and password already inserted by default on my local computer)

Never experienced the error you mention, using Windows 7 service pack 1 Google Chrome and Firefox.
 

Ryan Kent

Well-known member
#3
if it helps to know I am using Windows XP sp3 with FF 3.6.15

If the issue cannot be duplicated I can make a recording of what I am seeing. I'll await to see what Mike/Brogan have to share on the matter.
 

Brogan

XenForo moderator
Staff member
#4
The security error is due to an expired token.
Are you actually refreshing the page before attempting to log in again?
 

Ryan Kent

Well-known member
#5
yes I am certain I refreshed the page. I am logged in now so I'll just wait for it to happen again, then make a recording of my desktop.
 

Mike

XenForo developer
Staff member
#6
I can't reproduce this either - if you get logged out and log back in, it should let the form POST go through. If the request was just a get, then I suppose the browser could be returning a cached element.

That video might make it clearer, or a set of clear steps (exactly what you're doing/submitting, including what page you were on, etc).

I should also note that if the window is focused, you will stay logged in as long as needed.
 

Ryan Kent

Well-known member
#7
ok, thanks Mike. The issue just occurred for me again and I made a nice video of it. It is uploading now. When I am done I will put it into my /community folder and put up a link.

fyi the video is less then 2 minutes but it is 230mb. I know there is a way to compress it down but I don't have any video editing software, sry.
 

Brogan

XenForo moderator
Staff member
#9
From what I can see, the first time you received the error, you refreshed the page and then clicked back.
So once again you were trying to log in with the same expired token.
 

Ryan Kent

Well-known member
#10
That is not correct.

The video capture software I used shows a red starburst whenever a mouse click is made. If you watch the video again, please notice:

Attempt #1 - pressed back
Attempt #2 - pressed back, refreshed
Attempt #3 - pressed refresh, then back, then refreshed again
Attempt #4 - pressed back, refreshed
Attempt #5 - pressed log out of ACP, then logged in, issue resolved
 

Ryan Kent

Well-known member
#14
Is this really a bug? As you can see it is fixed after a logout-login.
A program not behaving as designed is the definition of a bug.

The program clearly instructs users to "press back, refresh, then try again". You can see those instructions were repeatedly followed, and variations were attempted, nothing worked.

If the intended behavior is as shown, I would recommend re-wording the displayed text, and after the security token expires the ACP should be changed automatically to the login screen.
 

Vincent

Well-known member
#15
A program not behaving as designed is the definition of a bug.

The program clearly instructs users to "press back, refresh, then try again". You can see those instructions were repeatedly followed, and variations were attempted, nothing worked.

If the intended behavior is as shown, I would recommend re-wording the displayed text, and after the security token expires the ACP should be changed automatically to the login screen.
Yeah, okay :)
Please re-login would be nice :D
 

Mike

XenForo developer
Staff member
#16
I've managed to fix this now - this only occurs if you left the ACP open (and inactive) for 24+ hours I believe (or you otherwise changed the user you were logged in as). That's why it doesn't happen to everyone.