cancel
Showing results for 
Search instead for 
Did you mean: 

Why do I have to login again with my OpenID?

VolkerBarth
Contributor
2,536

Just a slight issue:

From different machines, I had to redo my login with my OpenID since yesterday (FWIW, it's a verisign PIP one.) - This hasn't been necessary with other sites which use the same OpenID. Therefore I guess it is bound to this site and not to the OpenID itself.

Is there a certain reason for this?

VolkerBarth
Contributor

Another weekend - another time to re-login on this site ... (and again not for SQLA where I use the same OpenID).

May this be due to the fact that I have logged in to MySybase with other credentials lately?

I think this did appear the last time, too, to download an EBF (or to leave a DCX comment).

Just a suspicion: May logins on this site and MySybase do interfere somehow?

justin_willey
Participant

same here - 3 different computers all insisted on re-logging in yesterday (Saturday). I use MySybase authentication.

VolkerBarth
Contributor
0 Kudos

Me, too (2011-04-23 12:30 EST, if my timezone calculation is correct)...

VolkerBarth
Contributor
0 Kudos

...and again from three different boxes, from which I was logged in automatically to the former SQLA site with the same OpenID (again, again).

Therefore I still think the problem isn't bound to my cookie handling...

reimer_pods
Participant
0 Kudos

The same with me on 2 machines, no changes to cookie handling. Other sites seem to be keeping the setting.

VolkerBarth
Contributor

Time to re-login, again - but now I know the cause:)

Are there any plans to change the cookie expiration timespan (or update the cookie each time the site is visited), as Phil has suggested in his answer?

At least the current situation keeps me remembering my OpenID passphrase easily ...

Accepted Solutions (1)

Accepted Solutions (1)

graeme_perrow
Advisor
Advisor

This is fixed - the cookie will now expire after 1000 days. Note that this will not affect existing cookies, so it will take effect after the next time you log in.

Breck_Carter
Participant

Thank you thank you thank you... hooray for the little things!

Answers (3)

Answers (3)

Former Member

Look at your cookie. The one I just got today expires on May 10. On that day the chocolate chips will get all hard and brittle, the milk will sour, and I will have to log in to this site again. That would explain why people are having this problem every 2 weeks.

I'm not sure if the expiring cookie is intentional. Maybe Graeme can comment. Having it expire makes sense from a security standpoint, although maybe the cookie can be updated with a new one (if it hasn't expired) each time (or each day) the site is visited. That would make life easier for the folks that visit this site every day.

Note that my sqla.stackexchange cookie expires on October 26, 2011. So I think they'll have exactly the same behaviour, only once a year instead of once very 2 weeks.

VolkerBarth
Contributor
0 Kudos

Thanks for that clear explanation, Phil (though it makes me feeling somewhat foolish for not having checked that myself...).

Yes, the SQLA2 cookie seems to have a 14-day expiration timespan whereas the SQLA cookie does last for several months (and may get updated automatically). Therefore I would suggest to enhance the expiration time or make it update the cookie regularly.

MarkCulp
Participant
0 Kudos

The cookie explanation does seem reasonable, but it doesn't explain why I have not had to re-login for many many weeks? FWIW: I use my Google OpenID account and access this forum from three different computers.

Former Member
0 Kudos

Have you looked at your cookie? Does yours get updated each time you visit the site? Maybe your browser isn't expiring the cookie. Maybe the site is supposed to update the cookie but it doesn't work in Firefox 3 for some reason. I think that there are enough people having this problem that you might be in the minority here.

VolkerBarth
Contributor
0 Kudos

Well, ain't that classical:

Now the folks with the annoying need to re-login have a reasonable explanation for their real problem (and can hope for a solution) - and you have an explanation problem for not having been affected... They call it justice, methinks:)

MarkCulp
Participant
0 Kudos

I'm using Firefox 3.6.16 on this box and I haven't used this box to view this forum for at least a week and my cookie says it expires on May 11th.... so it would appear that it has automatically renewed itself.

VolkerBarth
Contributor
0 Kudos

I'm using the same FF version, and the forum cookie expires on May 10th. On a different box with IE8 (which I usually do not use to browse at all), the cookie expires on May 11th.

AFAIK my FF cookie handling options are set to default values, with one exception (but that is a default migration settting, methinks) - as displayed by "about:config":

Former Member
0 Kudos

FF 3.6.12 here. And after visiting the site again today the cookie is set to still set to expire on May 10th at 8:25 AM EDT. That is 2 weeks from when I logged in yesterday. I'm thinking we don't have 100% of the story, but Volker, Breck, Reimer, Justin, and I do appear to have cookies that don't get updated whereas Mark's cookies are updating. We have the same browser (close enough). So, what's the missing variable?

MarkCulp
Participant
0 Kudos

Ok, I'm going to have to be humble and state that I misread my cookie expiry date yesterday (I think). I checked my cookie again today (on my main work computer) and it says that it expires May 6th (not May 11th) - I.e. I must have read the '11' in the date as the day not the year ... [gripe] I wish the world would just standardize of Year-Month-Day when it comes to displaying dates and this type of mix-up would not occur! [/gripe]. So it would appear that I logged in last Friday (April 22nd) and that I am going to have to re-login again next week!

VolkerBarth
Contributor
0 Kudos

@Phil: Sorry, I moved the "accepted answer" to Graeme's answer as he delivered the fix whereas you had explained the reason...

One of the cases where 2 accepted answers were a "nice to have":)

MarkCulp
Participant

Your login is tied to a cookie stored by your browser. If you move to a different computer (or a different browser) then you will be required to login again because the site does not know who you are.

Also note that the browser cookie has an expiry date so if you have not used a computer/browser for a period of time (a month?) then the cookie will expire and you will need to login again.

VolkerBarth
Contributor
0 Kudos

I'm aware that I have to login with my OpenID once on every machine and browser. But I use three machines regularly (almost daily) to access this site, and on all three I had to re-login since yesterday. That has never happened before (nor all the time using SQLA), and I'm not aware of any system change that I would have done on all those boxes. And as stated, when accessing SQLA, a re-login hasn't been necessary.

But if there hasn't been any configuration change on this site, I'll accept it as a personal experience...

MarkCulp
Participant
0 Kudos

I also use several computers and I have not had to relogin. I use Google as my OpenID so perhaps there is something specific to Verisign?

Breck_Carter
Participant

OpenId is a PITA, but at least sqlanywhere-forum.sap.com is not as bad as my.sybase.com

...which makes me type my password every single day!


Seriously, please get rid of this expiry thing... it's overkill, sqlanywhere-forum isn't a banking site.

VolkerBarth
Contributor
0 Kudos

Well, for SQLA my OpenID has worked fine, and as such I do not really share the evaluation as a PITA:)

That being said, I strongly second your conclusion.

Breck_Carter
Participant
0 Kudos

Well, OpenID is a multi-step process, and the website is slowwwww... and it is a single-point-of-security-failure if you actually use OpenId for more than one site (I don't)... stay tuned for the news broadcast that OpenID has been hacked 🙂

VolkerBarth
Contributor
0 Kudos

No risk on my part, my usage of OpenIDs is limited as well:)