handmade.network » Forums » Site Feedback » [BUG] Login from the home page display an error page
mrmixer
Simon Anciaux
220 posts
#8189 [BUG] Login from the home page display an error page
11 months ago

If I try to log in from the home page, it fails and display this page:

Note that on the homepage the https icon as a small yellow triangle.

It works from other pages (no yellow triangle on the https icon).
Kelimion
Jeroen van Rijn
229 posts
3 projects

A big ball of Wibbly-Wobbly, Timey-Wimey _stuff_

#8191 [BUG] Login from the home page display an error page
11 months ago Edited by Jeroen van Rijn on Aug. 23, 2016, 3:13 p.m.

mrmixer:
If I try to log in from the home page, it fails and display this page:

Note that on the homepage the https icon as a small yellow triangle.

It works from other pages (no yellow triangle on the https icon).


Ironically, that yellow triangle is due in part to your image here not being server over https ;-) I suppose we could disallow img tags pointing to http, but that's not very user friendly.

That said, it has nothing to do with the missing CSRF tag. I'll look into why that is.

Edit:
I've looked into it and at both https://handmade.network/home and https://handmade.network/_login the CSRF token is present and I can log on just fine. Put differently I can't replicate the bug. Indeed a while back I went through this code to make sure that if you try to log on from a subdomain, the logon request went to that same subdomain to prevent precisely this error, and this is the first report I've seen since suggesting there's still a possible bug there.

Even so, if I log out and try to log in from either those locations, I just can't replicate it. At least not in the normal case.
There is a way to replicate the bug that's rather convoluted:
- Load the homepage
- Load another page on the site in another tab
- Now try to log in on the first tab, with the previous step having generated a new CSRF token and expiring the previous one

If however I log in first or log in on the last tab I opened, I can't replicate this. Alternatively the tab with the homepage open may just have been sitting there too long, in which case the CSRF token has expired as well.

So really I think what should happen is that I replace that error page with something more informative that says the logon token has expired, suggesting that you refresh the page and try again. Tinkering with the CSRF logic to solve this 'non bug' would undermine security, when what's really happening is that it's working as intended but the error message could be a bit more informative.
mrmixer
Simon Anciaux
220 posts
#8201 [BUG] Login from the home page display an error page
11 months ago

I figured out after posting that I was part of the problem for the https thing ^^. But I don't thing I can configure my server to use https.

If I understand you correctly, when I open a page, there is a time limits to log in ? (I don't know much about secure web things).
mrmixer
Simon Anciaux
220 posts
#9286 [BUG] Login from the home page display an error page
8 months, 2 weeks ago

Just to let you know, I still have this problem while login in from the home page, and also when doing a search from the home page.
CaptainKraft
Jeremiah
143 posts
2 projects

Father, husband, C programmer, and Linux apologist. Think before you code.

#9553 [BUG] Login from the home page display an error page
7 months, 4 weeks ago

I have this issue as well. After seeing this page, I can go to the homepage and I'm logged in just fine. If I open a new tab or window and navigate back to the homepage, I'm logged out again, and on login, I get the same error page.

Build a man a fire, he'll be warm for a day.
Set a man on fire, he'll be warm for the rest of his life.
Mr4thDimention
Allen Webster
253 posts
2 projects

Heyo

#10104 [BUG] Login from the home page display an error page
6 months, 3 weeks ago Edited by Allen Webster on Dec. 29, 2016, 4:05 a.m. Reason: more accurate

I've hit this issue logging in from pages other than the "/_login" page a few times over the last few days.
Kelimion
Jeroen van Rijn
229 posts
3 projects

A big ball of Wibbly-Wobbly, Timey-Wimey _stuff_

#10111 [BUG] Login from the home page display an error page
6 months, 3 weeks ago

Mr4thDimention:
I've hit this issue logging in from pages other than the "/_login" page a few times over the last few days.

Curious, that should've been fixed. I'll look into it after new year's. Thanks.