Here i will provide a summary of my last two posts.
Here is a list of problems that might influence the auto-log-out thing:
1) Server sets cookies incorrectly.
If you open http://i2pforum.i2p/index.php and see devtools request response info in network tab, you will see that:
(a) the cookies are for the domain i2pforum.net - wrong domain
(b) the cookies are marked as 'secure' - which is not good because it will only be sent over https, which is not applicable to i2p, so the cookie won't be sent at all.
It seems like the site is just proxied from clearnet. In that case i'd recommend somehow trying to rewrite the Set-Cookie http headers in responses, so that they are not marked 'secure' and set for the correct domain (i2pforum.i2p)
2) Server is multihomed?
Now the second thing that i have on mind is that this site (i2pforum.i2p) is a multihomed proxy to the clearnet site. How do i know that? I enabled 'Remember Me' when logging in sometimes, and then saw on the 'remember me keys' tab in user control panel that there are some IP addresses listed (exactly two), which all belong to i2p project.
This is just a guess, but maybe logout happens when the client chooses to connect to a different server(from the multihomed ones) than the one connected before.
If you do not manage to fix the cookie problem, you can (i guess) just remove the multihoming, and instead host i2pforum.i2p on only one of the servers.
Here is a list of problems that might influence the auto-log-out thing:
1) Server sets cookies incorrectly.
If you open http://i2pforum.i2p/index.php and see devtools request response info in network tab, you will see that:
(a) the cookies are for the domain i2pforum.net - wrong domain
(b) the cookies are marked as 'secure' - which is not good because it will only be sent over https, which is not applicable to i2p, so the cookie won't be sent at all.
It seems like the site is just proxied from clearnet. In that case i'd recommend somehow trying to rewrite the Set-Cookie http headers in responses, so that they are not marked 'secure' and set for the correct domain (i2pforum.i2p)
2) Server is multihomed?
Now the second thing that i have on mind is that this site (i2pforum.i2p) is a multihomed proxy to the clearnet site. How do i know that? I enabled 'Remember Me' when logging in sometimes, and then saw on the 'remember me keys' tab in user control panel that there are some IP addresses listed (exactly two), which all belong to i2p project.
This is just a guess, but maybe logout happens when the client chooses to connect to a different server(from the multihomed ones) than the one connected before.
If you do not manage to fix the cookie problem, you can (i guess) just remove the multihoming, and instead host i2pforum.i2p on only one of the servers.
Statistics: Posted by anikey — 29 Dec 2023 10:50