WTF? Two-Factor Authorisation - Couldn't login

Discussion in 'Feedback' started by Athan, Aug 5, 2014.

  1. Athan

    Athan Resident Freddy

    For some reason yesterday these forums decided I was logged out.

    So, username/password, get 2FA challenge, pull phone out and enter that, now I'm on what looks like the account sign up page and it's complaining the username is already taken.

    Do the clear cookies and force-refresh dance - no change.

    Ended up disabling possibly interfering Chrome extensions: AdBlock, NotScripts, Ghostery, TamperMonkey. But still the same.

    Tried an Incognito window and for some reason that could login. After a bit more faffing I eventually used this to disable 2FA, and now I can login using a normal window with the extensions enabled.
     
  2. MYstIC G

    MYstIC G Official Licensed Lump of Coalâ„¢ Distributor Staff member Moderator FH Subscriber

  3. Deebs

    Deebs Chief Arsewipe Staff member Moderator FH Subscriber

    Strange, I am using Yubikey as my second auth method, @TdC also uses 2FA.

    I can see that you logged in at 11.22 and 11.26 with 2FA fine (according to the logs) and at 11.27 you disabled 2FA on your account. Not sure what else to suggest as you said you deleted the xf_session, xf_user, xffh_session cookies.

    Saying that I have had the exact same issue before and I cannot remember what I did on my end to fix it (client end). Btw, did you try a different browser?
     
  4. Athan

    Athan Resident Freddy

    I suspect the successful 2FA logins were when using the Incognito window, once just to test, and later when I decided to try switching 2FA off. Anything in your logs with regards to 2FA *other* than those times for me since you tweaked the cookie prefix yesterday ?

    The only 'other browser' I tried was Chrome in Windows, which didn't seem to exhibit the problem.
     
  5. Athan

    Athan Resident Freddy

    I just re-enabled 2FA, and logged in without issues using the rather old Firefox ('iceweasel') in Debian Wheezy. I'll try it again with Chrome....
     
  6. Athan

    Athan Resident Freddy

    Nope, still won't work with Chrome.

    For completeness that's "Version 36.0.1985.125" on Linux, running on Debian Wheezy (stable), with all current updates.
     
  7. Deebs

    Deebs Chief Arsewipe Staff member Moderator FH Subscriber

    You added a device last night around 10.22pm, then just successful authentication attempts.

    On this machine Chrome is on Win 8.1 and is version 35.0.1916.153. At home it is the latest version but cannot test until tonight. THere should be 5 cookies associated with FH,
    Code:
    _pk_id.xxxxx
    _pd_ses.xxxx
    uid
    xffh_notification
    xffh_session
    
    and if you click the "remember me" option when logging in:
    Code:
    xffh_user
    
    Since you tried it just now in Chrome and it failed I checked the logs and only see successful attempts so it is definately something to do with sessions but not sure what considering it works on FF.
     
  8. TdC

    TdC Trem's hunky sex love muffin Staff member Moderator


    lies! I do not have that stuff of that thing that you said that I may do be using of that thing. unless it's the google thing. which I may have. maybe.
     
  9. SheepCow

    SheepCow Bringer of Code Staff member Moderator

    You're not the only one that seems to have these issues, I believe it's something to do with an invisible form item being autofilled which confuses the hell out of the back end :/
     
  10. Ctuchik

    Ctuchik FH is my second home

    So what you're saying is that you're not at liberty to be free to deny the fact that such a thing may or may not be true?
     
  11. TdC

    TdC Trem's hunky sex love muffin Staff member Moderator

    I can neither confirm or deny your statement.
     
    • Informative Informative x 1
  12. Deebs

    Deebs Chief Arsewipe Staff member Moderator FH Subscriber

    Anything we can do to debug? For me it is working fine on Safari, Chrome and Firefox.
     
  13. SheepCow

    SheepCow Bringer of Code Staff member Moderator

    @Athan - can you send me the source (and URL) of the login pages as you login? I'm failing to reproduce the problem at my end although I've definitely seen it before.

    You'll want to **** out your password in the src of the page that you enter your 2-factor key!
     
  14. Athan

    Athan Resident Freddy

    I've PM'd Shee
    PM'd URLs to the saved files to you.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.