Simon Anciaux
1335 posts
[BUG] Login from the home page display an error page
If I try to log in from the home page, it fails and displays this page:

Note that on the homepage the https icon has a small yellow triangle.

It works from other pages (no yellow triangle on the https icon).
Jeroen van Rijn
248 posts
A big ball of Wibbly-Wobbly, Timey-Wimey _stuff_
Edited by Jeroen van Rijn on
mrmixer
If I try to log in from the home page, it fails and displays this page:

Note that on the homepage the https icon has a small yellow triangle.

It works from other pages (no yellow triangle on the https icon).


Ironically, that yellow triangle is due in part to your image here not being served over https ;-) I suppose we could disallow img tags pointing to http, but that's not very user friendly.

That said, it has nothing to do with the missing CSRF tag. I'll look into why that is.

Edit:
I've looked into it, and at both https://handmade.network/home and https://handmade.network/_login the CSRF token is present and I can log on just fine. Put differently, I can't replicate the bug. Indeed, a while back I went through this code to make sure that if you try to log on from a subdomain, the logon request went to that same subdomain to prevent precisely this error, and this is the first report I've seen since, suggesting there's still a possible bug there.

Even so, if I log out and try to log in from either those locations, I just can't replicate it. At least not in the normal case.
There is a way to replicate the bug that's rather convoluted:
- Load the homepage
- Load another page on the site in another tab
- Now try to log in on the first tab, with the previous step having generated a new CSRF token and expiring the previous one

If however I log in first or log in on the last tab I opened, I can't replicate this. Alternatively the tab with the homepage open may just have been sitting there too long, in which case the CSRF token has expired as well.

So really I think what should happen is that I replace that error page with something more informative that says the logon token has expired, suggesting that you refresh the page and try again. Tinkering with the CSRF logic to solve this 'non bug' would undermine security, when what's really happening is that it's working as intended but the error message could be a bit more informative.
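
The behaviour described in the post above, as an added example that is not part of the thread and is not the site's code: one live CSRF token per session, replaced on every page load, with the check left strict and only the error response made informative. The `Session` class, `TOKEN_TTL` value and message wording are assumptions made for illustration.

```python
import hmac
import secrets
import time
from enum import Enum

TOKEN_TTL = 3600  # seconds; assumed value, the thread does not give the site's TTL


class Csrf(Enum):
    OK = "ok"
    MISSING = "missing"  # no token in the form at all
    STALE = "stale"      # superseded by a newer page load, or older than the TTL


class Session:
    """Hypothetical session holding one live CSRF token, replaced on every render."""

    def __init__(self, now=time.time):
        self._now = now
        self._token = None
        self._issued = 0.0

    def render_page(self):
        # Each page load issues a fresh token and thereby expires the previous one.
        self._token = secrets.token_urlsafe(32)
        self._issued = self._now()
        return self._token

    def check(self, submitted):
        if not submitted or self._token is None:
            return Csrf.MISSING
        fresh = self._now() - self._issued <= TOKEN_TTL
        same = hmac.compare_digest(submitted.encode(), self._token.encode())
        # A forged token is indistinguishable from a superseded one: both are refused.
        return Csrf.OK if (same and fresh) else Csrf.STALE


def login_response(result):
    """Map the check result to (HTTP status, message); a failed check never logs in."""
    if result is Csrf.OK:
        return 200, "Logged in."
    if result is Csrf.STALE:
        return 403, "Your logon token has expired. Refresh the page and try again."
    return 403, "Request refused: no logon token was submitted."
```

Rendering two pages from one `Session` and submitting the first page's token reproduces the two-tab case: the check returns `Csrf.STALE` and the user gets the refresh hint instead of a bare error page.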
Simon Anciaux
1335 posts
I figured out after posting that I was part of the problem for the https thing ^^. But I don't think I can configure my server to use https.

If I understand you correctly, when I open a page, there is a time limit to log in? (I don't know much about secure web things).
Simon Anciaux
1335 posts
Just to let you know, I still have this problem while logging in from the home page, and also when doing a search from the home page.
Jeremiah Goerdt
208 posts / 1 project
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.
I have this issue as well. After seeing this page, I can go to the homepage and I'm logged in just fine. If I open a new tab or window and navigate back to the homepage, I'm logged out again, and on login, I get the same error page.
Allen Webster
476 posts / 6 projects
Heyo
Edited by Allen Webster on Reason: more accurate
I've hit this issue logging in from pages other than the "/_login" page a few times over the last few days.
Jeroen van Rijn
248 posts
A big ball of Wibbly-Wobbly, Timey-Wimey _stuff_
Mr4thDimention
I've hit this issue logging in from pages other than the "/_login" page a few times over the last few days.

Curious, that should've been fixed. I'll look into it after new year's. Thanks.