• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Links within SFDC return to Log In page...

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Comments // Problems etc.

View previous topic :: View next topic  
Author Message
Crystal_Sky
Just Arrived
Just Arrived


Joined: 06 Mar 2005
Posts: 7
Location: New York - USA

Offline

PostPosted: Sat May 14, 2005 11:16 pm    Post subject: Links within SFDC return to Log In page... Reply with quote

In certain instances when I attempt to follow an in house link to another thread, I am redirected back to the Log In page. I have used a workaround by highlighting the hyperlink to get the thread ID number, and adding the topic ID to the URL, but it would be nice if I could just "link."

Any ideas? Solutions?

Win XP Pro
IE6 SP2
NIS 2003
BOClean
Spybot SD Resident (TeaTimer)
SFDC in Trusted Zone (ONLY item there)
Back to top
View user's profile Send private message
Colonel_Panic
Just Arrived
Just Arrived


Joined: 13 May 2004
Posts: 2


Offline

PostPosted: Sun May 15, 2005 3:22 am    Post subject: Reply with quote

Are you using a proxy? Does this happen absolutely every time?

In my case, when I surf through Tor, links sometimes (not every time) get redirected to login page and then to the actual target page (and sometimes to wrong page).

One more thing: Does this happen even if login is not required to read the the link target?
Back to top
View user's profile Send private message
Crystal_Sky
Just Arrived
Just Arrived


Joined: 06 Mar 2005
Posts: 7
Location: New York - USA

Offline

PostPosted: Mon May 16, 2005 12:24 am    Post subject: Reply with quote

Hello Colonel_Panic,

Thank you for your reply, but no, I am not using a proxy. It seems to be an anomaly with PHP boards and something in my security setup. I have tried many workarounds in various combinations, but average 7 out of 10 links are redirected to the Log In page.

Regards,
CS
Back to top
View user's profile Send private message
UziMonkey
SF Reviewer
SF Reviewer


Joined: 19 Dec 2003
Posts: 5


Offline

PostPosted: Mon May 16, 2005 12:37 am    Post subject: Reply with quote

Are you blocking cookies? You can technically log in without cookies, if the session ID gets saved in the URL. Is your browser not sending the cookies for what it thinks is another site? My guess is that this would be related to cookies, somehow..
Back to top
View user's profile Send private message Visit poster's website
Crystal_Sky
Just Arrived
Just Arrived


Joined: 06 Mar 2005
Posts: 7
Location: New York - USA

Offline

PostPosted: Mon May 16, 2005 12:57 am    Post subject: Reply with quote

Hello UziMonkey,

No, it is not a cookie problem either. At one time I thought it was as well. Another PHP board had a block of IPs from my provider (Verizon) blocked, and once that was removed I was okay.

*Sigh*

Just thought of something else though:
Because the links open into a new window, could this have something to do with it? If so, how can I rectify the problem?
Back to top
View user's profile Send private message
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Mon May 16, 2005 1:51 am    Post subject: Reply with quote

Hello Crystal_Sky,

Thank you for bringing this to our attention. We will look into this, to try and find out where the problem is.

Are you able to tell us under which general conditions does the problem manifest itself? For example, "it only happens when I do this and that first", or "it only happens after a while" or whatnot. Or is it just seemingly random, "sometimes it works, sometimes it doesn't"?

Have you experienced this problem for a long time now, or did it just start recently?

I am assuming this only happens when you try to access areas where you would need to log in - such as the Search features, Members section, etc. Is that correct?

Could it be due to the login timeout? That is, have you noticed if it only happens after a long time of inactivity on the site? For example, like when you're typing a lengthy post for 10 minutes, and when you click on Submit it asks you to log back in; or when you've got a browser window open on the site but you're not doing anything for a while, then when you come back and try to do something it will ask you to log back in?
Back to top
View user's profile Send private message
dannyboy 950
Lurker
Lurker


Joined: 27 Dec 2004
Posts: 10
Location: Port Arthur Texas

Offline

PostPosted: Mon May 16, 2005 3:37 am    Post subject: Reply with quote

I had a MSN Group that did the same thing it cleared up on it's own.
We did find that it wasn't a cookie problem or credentials. We wrote it off as anuther MSN glitch. But this post sheds a different light now.
Back to top
View user's profile Send private message
Crystal_Sky
Just Arrived
Just Arrived


Joined: 06 Mar 2005
Posts: 7
Location: New York - USA

Offline

PostPosted: Mon May 16, 2005 3:49 am    Post subject: Reply with quote

Hello capi,

It has been happening since I (re)joined in March. I am creating a Permit rule in NIS for SFDC, let's see if that works. Please also see your PM first.

Thank you,
CS

EDIT: NIS Permit Rule did no good. I gave full permission In/Out and still no go.
Back to top
View user's profile Send private message
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Mon May 16, 2005 4:15 am    Post subject: Reply with quote

Hmm... well, it was worth a try.

Have you tried disabling the content blocking features such as anti-popups, anti-ads and stuff? Those are independent from the IP rules, and sometimes they may prevent you from logging in to certain sites.

It should be possible to set an exclusion for a site so that the firewall doesn't try to kill popups etc from that site, but it's been a long time since I've used NIS so I can't really say for sure how to do so.
Back to top
View user's profile Send private message
Crystal_Sky
Just Arrived
Just Arrived


Joined: 06 Mar 2005
Posts: 7
Location: New York - USA

Offline

PostPosted: Mon May 16, 2005 5:18 am    Post subject: Reply with quote

Hello capi,

I completely disabled NIS and still encountering the difficulty. I have the site in the Trusted Zone, SP2's pop-up blocker allowed, any NIS setting for content given carte blanche, and no joy... Rolling Eyes

Okay, new twist - this is very odd - there is NO cookie in C:\Documents and Settings\Crystal Sky\Cookies for SFDC. Perhaps someone can be kind enough to upload the cookie for me and see if this will do the trick. I promise I will preserve it with the utmost care! Very Happy

I allow cookies and have cookies, but none for here.
Back to top
View user's profile Send private message
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Mon May 16, 2005 3:06 pm    Post subject: Reply with quote

Hmm... Well, if I'm not mistaken, our site only uses session cookies by default - I never really looked much into it as I've got Firefox set to treat all cookies as if they were session, but I'm fairly sure that is the case with SFDC. You may want to try checking the "Remember me" checkbox that appears at our homepage before logging in, that way you should get a permanent cookie. Who knows, it may allow you to sidestep the issue and just be logged in all the time.

Incidentally, as a matter of curiosity, have you tried accessing SFDC through a browser other than IE? Just to rule out a matter of some hidden misconfiguration, bug, or whatnot with IE itself. I would suggest you try installing Firefox, if you don't already have it. Apart from the interest in trying with a different browser to see if the problem persists, Firefox itself is an outstanding browser - much better than IE in my opinion. Give it a try, even if it doesn't solve the problem (it just might, who knows), you'll probably like using it for your regular day-to-day browsing (just try clicking on links with the middle mouse button, or the wheel if you have one, for one of Firefox's most useful features).
Back to top
View user's profile Send private message
Tom Bair
SF Boss
SF Boss


Joined: 10 Aug 2002
Posts: 16776955
Location: Portland, Oregon USA

Offline

PostPosted: Tue May 17, 2005 6:57 pm    Post subject: Reply with quote

I use IE here on SFDC about 95% of the time with no problems. I have easy access to links opening in seperate windows, and also visit other sites in seperate windows without problems.

I suspect you need to go to Tools|Internet Options|Advanced and look under the Security settings to insure that only the following are checked out of the many options listed...


    Check for publisher's certificate revocation.
    Check for signitures on downloaded programs.
    Enable Integrated Windows Authentication
    Enable Profile Assistant.
    Use SSL 2.0
    Use SSL 3.0
    Warn about invalid site certificates.
    Warn if forms submittal is being redirected.


My browser is optimized to be used for both this site and secure banking as well. I have Firefox on my system, but haven't yet optimized it yet for secure banking (lazy that I am) Laughing
Back to top
View user's profile Send private message Visit poster's website
Crystal_Sky
Just Arrived
Just Arrived


Joined: 06 Mar 2005
Posts: 7
Location: New York - USA

Offline

PostPosted: Fri May 20, 2005 2:47 am    Post subject: Success!! Reply with quote

PCWriter wrote:
I use IE here on SFDC about 95% of the time with no problems. I have easy access to links opening in separate windows, and also visit other sites in separate windows without problems.

I suspect you need to go to Tools|Internet Options|Advanced and look under the Security settings to insure that only the following are checked out of the many options listed...


    Check for publisher's certificate revocation.
    Check for signatures on downloaded programs.
    Enable Integrated Windows Authentication
    Enable Profile Assistant.
    Use SSL 2.0
    Use SSL 3.0
    Warn about invalid site certificates.
    Warn if forms submittal is being redirected.


My browser is optimized to be used for both this site and secure banking as well. I have Firefox on my system, but haven't yet optimized it yet for secure banking (lazy that I am) Laughing
Thanks PCWriter, for the IE backup! Very Happy I'll go public and say I prefer it as well, and never have a problem with it. I have no problem changing the settings if I feel like a quick game at http://ferryhalim.com/orisinal/ for instance. Razz

I do have IE a bit tighter than you, but IE was not the problem. I created a new PERMIT the kitchen sink rule for SFDC a few days ago in NIS > NPF > Advanced > General with the site's IP, and somewhere this week it must have finally kicked in. For the first time today, NIS popped up and asked a Permit for the SFDC cookie. It has never done that before. Of course I gave it the Always Permit, so I should be okay now. I also ran to the cookie jar and copied it to the desktop, so now I've got it! Very Happy

Everything is working the way it should now. Good heavens, IE6 and NIS - what a combination, but I am happy with both!

Regards,
CS
Back to top
View user's profile Send private message
Tom Bair
SF Boss
SF Boss


Joined: 10 Aug 2002
Posts: 16776955
Location: Portland, Oregon USA

Offline

PostPosted: Fri May 20, 2005 2:51 am    Post subject: Reply with quote

I'll not give my thoughts on NIS since you are quite happy with it. Smile

I had a nagging feeling that your firewall was blocking cookies, but you stated it wasn't so. Only other option was your IE settings since I know the site is functioning correctly.
Back to top
View user's profile Send private message Visit poster's website
Crystal_Sky
Just Arrived
Just Arrived


Joined: 06 Mar 2005
Posts: 7
Location: New York - USA

Offline

PostPosted: Fri May 20, 2005 4:08 am    Post subject: Reply with quote

PCWriter wrote:
I'll not give my thoughts on NIS since you are quite happy with it. Smile

I had a nagging feeling that your firewall was blocking cookies, but you stated it wasn't so. Only other option was your IE settings since I know the site is functioning correctly.

I'm hardened to NIS bashing already. Wink Still using 2003 which was the last decent year.

I have cookies set to permit, but as we know, NIS sets its own rules every now and then... Smile

I think the trick was in creating the rule, deleting it and recreating it again. In this way it forces NIS to start from scratch again begging permissions. I would like to find out some day why this only occurs on php boards though. Well, now it's a protected cookie, and even after closing out the browser a few times, she's still there.

Thanks to all who pitched in, I appreciate the help.
CS
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Comments // Problems etc. All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register