Auto-Login Suggestion

Forum registration problems? Need help with creating a post? Want to send suggestions of improvements to Blur Busters Forums? Tell us here!
Post Reply
Joel D
Posts: 158
Joined: 25 Apr 2020, 19:06

Auto-Login Suggestion

Post by Joel D » 11 May 2020, 23:07

Having to Log in every single time I get a email and just want to read the thread is a bit annoying. Most other bigger named forums don't do this.

Once clicking on the link of your subscribed thread in the email you receive, it should take you directly to the first unread post in the thread. BUT you're only able to read as a guest. If you want to reply (or visit your CP, etc), you of course then need to sign in. But if not, you should be able to comb the forums just normally as a guest. This is how all good forums are.

Reasoning is, sometimes I just want to quickly get to the thread and read it, then close down and come back later to respond. But making me log in just to read it is putting more burden on me than a guest that is here reading, as they don't need to sign in to read. Right ?

I request please that this gets changed if you all feel the same way. Thank you -

User avatar
Chief Blur Buster
Site Admin
Posts: 11647
Joined: 05 Dec 2013, 15:44
Location: Toronto / Hamilton, Ontario, Canada
Contact:

Re: Auto-Login Suggestion

Post by Chief Blur Buster » 12 May 2020, 16:30

You can automatically log in by enabling the "Remember me" checkbox in the login screen (After logging out first):

Image

If this is not working for you, please clear your cache/cookies and/or whitelist Blur Busters in your ad blocker, and try logging in again.

After you do this, any link you click from email, will already have you logged in the same browser.

If you are using an iPhone, remember that for the built-in email-app browser (e.g. GMAIL app) and for the Safari browser, you need to repeat these steps once for each browser you use. The separate browser (GMAIL in-app browser versus Safari browser) often memorizes the cookies separately so you have to do the checkbox twice separa0tely for these two browsers. That's without using the iCloud password manager built into iDevices.

If all these suggestions fails, please tell me which browser you are using (in-app or standalone, and which device), so I can look into why it's causing problems for you.

This year, these forums plans to add optional Facebook / Google Connect (in addition to regular email registration), so that you can have additional remember-login options. The aim is to also integrate one unified login for both the main website and the Forums website, with one login / one password.
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter

Image
Forum Rules wrote:  1. Rule #1: Be Nice. This is published forum rule #1. Even To Newbies & People You Disagree With!
  2. Please report rule violations If you see a post that violates forum rules, then report the post.
  3. ALWAYS respect indie testers here. See how indies are bootstrapping Blur Busters research!

Joel D
Posts: 158
Joined: 25 Apr 2020, 19:06

Re: Auto-Login Suggestion

Post by Joel D » 12 May 2020, 18:44

Thanks for your suggestions and response. Well my issue is its more how I use my browsers I think. Your suggestions are valid for the average Joe citizen, lol, but not for me. I always use (and always will) private browsing. I clear all cookies and caches after each web surfing times I have. So to my understanding, at most "keep me logged in" places, this never works when in Private mode.

I 100% for sure will never use password managers. Thats just a breech waiting to happen (IMO). And I don't use social media places or anything google related (government ways to spy on us all). I enjoy my right to privacy.

Anyway, opinions aside, like I said, most forums I'm part of don't insist you are logged in to just read/view. I don't see any possible harm in this set up considering so many extremely popular ones do this. Cause to spam, or do anything like that (that you may be afraid of), one would need to then be logged in. I just want to view/read sometimes and skip the login process BUT come in at it from a direct link.

Checking 5-10 responses a day with mandatory log in for each time is a bit strenuous IMO. Just mentioning it is all. A suggestion.

BUT yes I agree about the one login thing. Man, I can't stand places that do that. lol Sony does that. Like I need 3 different usernames and passwords to take advantage of their entire site (buying/rewards/discussions) - Its stupid. I want to log into Sony and thats it.

User avatar
Chief Blur Buster
Site Admin
Posts: 11647
Joined: 05 Dec 2013, 15:44
Location: Toronto / Hamilton, Ontario, Canada
Contact:

Re: Auto-Login Suggestion

Post by Chief Blur Buster » 12 May 2020, 19:30

That's why I will always keep email login -- not everyone wants Facebook or Google -- so I plan to give users a choice of continuing email logins as today...

It's very challenging to provide a safe "Remember" feature for private browsing.

Hackers are constantly trying to attack Blur Busters too, and any weakenings I do for Private Browsing ease, can provide new attack vectors. So I'm toeing a fine line here on my point of view, to try to protect the information / database at Blur Busters in this cat and mouse game.

Including including your session ID for links emailed to your own private email. This makes login convenient. But has been an attack vector by hackers on different forums -- especially the Admin/moderator mailboxes (even with 2FA enabled) with many attack attempts occuring on all of us combined, our phones, our emails, forums, web, etc. Once an attacker has access to one of the moderator mailboxes, they can practically delete all posts in the entire forums that the moderator has access to (Because of required priveleges to edit/delete posts and ban rule-breaking forum members / spammers). Or simply covertly retroactively edit discreet links in other people's posts (to advertisements). "SEO hacking" type endeavours that may go undetected for weeks. There are hourly backups made of the entire forums, but some of those hackers are amazingly discreet and some forums didn't notice until weeks or months later...

Theoretically I could create custom source code to allow a sort of an email-specific "session ID"-like feature embedded in links only for emails to non-priveleged members. So that clicks in owned emails goes to an autologin even in private browsers. But it has to become a very high-demand-feature before I can expend funds on creating custom software that makes this safe, without opening new attack vectors on Blur Busters.

There are many ways to make this safer but the plugin doesn't exist at this time for phpbb that meets my acceptable needs.

Even the login-merger is a careful planning move that needs awareness of security considerations versus convenience too. Linking two databases creates potential new security attack vectors that keeps me awake at night. The security holes of two software packages combined creates a bigger attack target for both sites, if not done properly. So merging logins is not a stress-free process for a business even if it reduces user stress. It must be planned carefully and security-audited well -- I have to protect the databases from leaking!

(I understand your POV but it's also a challenge on this side of the looking glass mirror too)

Cat and mouse, eh?
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter

Image
Forum Rules wrote:  1. Rule #1: Be Nice. This is published forum rule #1. Even To Newbies & People You Disagree With!
  2. Please report rule violations If you see a post that violates forum rules, then report the post.
  3. ALWAYS respect indie testers here. See how indies are bootstrapping Blur Busters research!

User avatar
Chief Blur Buster
Site Admin
Posts: 11647
Joined: 05 Dec 2013, 15:44
Location: Toronto / Hamilton, Ontario, Canada
Contact:

Re: Auto-Login Suggestion

Post by Chief Blur Buster » 12 May 2020, 19:47

One way to improve convenience is that if there are multiple emails, and you have to login after every email link -- just simply do this after logging in to one of the email links.

Image

This will allow you to quickly jump to other replies to your posts -- potentially minimizing re-logging in.

It's not a perfect solution, but it can improve convenience for Private Browsing.
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter

Image
Forum Rules wrote:  1. Rule #1: Be Nice. This is published forum rule #1. Even To Newbies & People You Disagree With!
  2. Please report rule violations If you see a post that violates forum rules, then report the post.
  3. ALWAYS respect indie testers here. See how indies are bootstrapping Blur Busters research!

Joel D
Posts: 158
Joined: 25 Apr 2020, 19:06

Re: Auto-Login Suggestion

Post by Joel D » 13 May 2020, 02:10

Chief Blur Buster wrote:
12 May 2020, 19:47
One way to improve convenience is that if there are multiple emails, and you have to login after every email link -- just simply do this after logging in to one of the email links.

Image

This will allow you to quickly jump to other replies to your posts -- potentially minimizing re-logging in.

It's not a perfect solution, but it can improve convenience for Private Browsing.
Yea this solution here will work ! Thanks.

I do see the point of the hacker thing. Thats a must and always #1 on importance. But what I was suggesting would not alter the safety one bit or make it easier for any hacker to do anything. Cause when you click the link and go to the thread, you wouldn't be logged in. You'd be in "read only guest mode" UNTIL you optionally logged in if you so desired (to respond if you wanted).

The link wouldn't be any breech of anything at all and not contain any sensitive info, data or coding, etc.. if per chance the email got in the wrong hands. I know this works simply because some pretty big time forums use this method. It is indeed much more convenient for the member though, as its allowing the user to *optionally* view their replies as a guest (by default), or log in and view/respond as a member. (once they arrive to the thread as a guest from the email link).

Even the almighty nutcase security freaks Apple does this method for their forums. So I know its a safe method.

Not telling anyone to change anything. Just a suggestion, as I am a member of many forums (Hugely popular forums = 1 million threads, 13 million posts, 400k members size type forums) and this is the method they use. I believe its simple, cheap and bullet proof.

User avatar
Chief Blur Buster
Site Admin
Posts: 11647
Joined: 05 Dec 2013, 15:44
Location: Toronto / Hamilton, Ontario, Canada
Contact:

Re: Auto-Login Suggestion

Post by Chief Blur Buster » 13 May 2020, 03:21

Good point.

The trick is time too — whether it’s writing code or choosing the right trusted module/plugin to do this.

I’ll research this, though there might not be a quick solution (yet)
Head of Blur Busters - BlurBusters.com | TestUFO.com | Follow @BlurBusters on Twitter

Image
Forum Rules wrote:  1. Rule #1: Be Nice. This is published forum rule #1. Even To Newbies & People You Disagree With!
  2. Please report rule violations If you see a post that violates forum rules, then report the post.
  3. ALWAYS respect indie testers here. See how indies are bootstrapping Blur Busters research!

Joel D
Posts: 158
Joined: 25 Apr 2020, 19:06

Re: Auto-Login Suggestion

Post by Joel D » 13 May 2020, 17:25

Chief Blur Buster wrote:
13 May 2020, 03:21
Good point.

The trick is time too — whether it’s writing code or choosing the right trusted module/plugin to do this.

I’ll research this, though there might not be a quick solution (yet)
Totally appreciate it ChiefBB. No worries, as your temporarily solution is a good hold off for me. Thanks again.

Post Reply