It's possible that this is not only the question but also the answer to the problem! If you use a link somewhere to get to the Forum, perhaps the cookies are not checked and you enter as a visitor. I have similar experience if I enter using the Files links.The problem seems to occur when coming in from a link to an email notification about a topic or private message.
). A few people are using over eager Internet providers (Verizon in the US is one of them) who seem to find it necessary to change the IP address of users at a rate that is just utterly silly. This can lead to loss of sessions, as the forum sofware thinks you are a different person then.
Indeed some members have told that they have lost a long message before it was finished. You have probably found the reason - I will make the same changes in the settings (and thanks to you Wens for giving the details in email!)You are for example in the middle of writing a post. It's a brilliant post, so you take some time, but in the meanwhile your IP address is changed. You press the submit button and suddenly it tells you to log in again... Highly annoying. I altered a setting in my forum, which solved this problem. Don't know if it's an issue here.
I think it's a security "feature",Jarkko wrote: However, I have noticed that if you come to the Forum
using the links on the front page of the Files,
then you have to log-in again.
I have not yet found explanation to this;
must be some kind of conflicting cookies.
What is meant by "IE's cross-domain security model"?
One of the principal security functions of a browser is to ensure that browser windows
that are under the control of different web sites cannot interfere with each other or access
each other's data, while allowing windows from the same site to interact with each other.
To differentiate between cooperative and uncooperative browser windows, the concept
of a "domain" has been created. A domain is a security boundary - any open windows
within the same domain can interact with each other, but windows from different domains cannot.
The "cross-domain security model" is the part of the security architecture that keeps windows
from different domains from interfering with each other.
The simplest example of a domain is associated with web sites.
If you visit http://www.microsoft.com, and it opens a window to http://www.microsoft.com/security,
the two windows can interact with each because both belong to the same
domain, http://www.microsoft.com. However, if you visited http://www.microsoft.com,
and it opened a window to a different web site, the cross-domain security model
would protect the two windows from each other. ...
-- http://www.microsoft.com/technet/securi ... 0-009.mspx
Does this vulnerability let a browser window read what's in another browser window?
Almost. In this case, the issue is the ability of a window to read a frame
that's in a different domain. A browser window can contain frames
- subdivisions of a window that operate independently of each other.
An example of a window that uses frames would be a web page
in which a navigation bar on one side of the screen stays fixed
while the content in the center of the screen changes as you make your selection.
The navigation bar is in one frame, and the content is in another.
If the frames belong to different domains, the IE cross-domain model
should protect them from each other.
However, in this vulnerability, flaws in two functions allow this protection to be breached.
What happens in this vulnerability?
In this vulnerability, a malicious web site opens a browser window on the user's computer.
Within that window, the site opens a frame, and displays a file from the user's local computer in it.
This is legitimate usage, but the window and the frame are in different domains
- the window is in the web site's domain, while the frame is in the local file system domain
- so the cross-domain security model should prevent them from reading each other's data.
However, implementation flaws in two functions allow the window to access the data
that is displayed in the frame. This would allow script running in the window
to send the contents of the frame to the malicious user's web site.
What's the flaw in the functions?
The functions do not check which domain the frame is in
before giving the window access to it.
-- http://www.microsoft.com/technet/securi ... 0-033.mspx
"Unauthorized Cookie Access" Vulnerability: Frequently Asked Questions
What's this bulletin about?
Microsoft Security Bulletin MS00-033 announces the availability of a patch that eliminates a vulnerability in Microsoft® Internet
Explorer. Under some conditions, the vulnerability could allow a malicious web site operator to access cookies that have been placed
on the computer of a visiting user by other web sites. Microsoft is committed to protecting customers' information, and is providing
the bulletin to inform customers of the vulnerability and what they can do about it.
-- http://www.microsoft.com/technet/securi ... 0-033.mspx
Code: Select all
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>LC Forum</title>
</head>
<body bgcolor="CADCEB" >
<br><br><br>
<a href="http://www.leonardcohenforum.com" >Goto LC Forum</a>
<form action="http://www.leonardcohenforum.com/ucp.php?mode=login" target="_blank" method="post" id="login">
<input type="submit" value="Login to LC Forum" />
<input type="hidden" name="username" value="YOUR-USERNAME" /><br>
<input type="hidden" name="password" value="YOUR-PASSWORD" /><br>
<input type="hidden" name="redirect" value="index.php" /><br>
<input type="hidden" name="login" value="Login" /><br>
</form>
</body>
