Interesting Fur Affinity Forums behaviour


Hello there, everyone!
I did just create an account on the Fur Affinity Forums here out of curiosity, however I have instantly encountered a behaviour that made me even more curious, because I am confused about the technical background of it.

So, here is what I did. I created my account, confirmed the email and it sent me back to the start page, where I was not logged in automatically. Nothing weird up to that point. As I wanted to log in I noticed that I was not using a secure certificate and therefore switched from Fur Affinity Forums to Fur Affinity Forums. Here comes the strange situation into play. Suddenly, I was logged into my newly created account, without having ever entered my password after account creation. I then played around with it some more. Switching back to the http:// site brought me to an instance of the page where I was not logged in. Back to https:// I was logged into my account again. (Clearing my browser cache on both instances did not change this behaviour.) Clicking the banner on top of each page sends me back to Fur Affinity Forums, so in my weird case, it kicks me out of my account until I switch back to the https:// url.

What I suspect is happening here is that on confirmation of my email it automatically created a session cookie for my newly created account for the site Fur Affinity Forums, which does however not apply to Fur Affinity Forums. This would mean that it's probably the intended behaviour to log me in after account creation, however since literally the main banner does not re-direct me to the address which the session cookie is saved for I am unsure as to what the automatic log-in is actually good for, since it will appear to every new user that they are not logged in after account creation.

Additionally I have never heard of session cookies being different between certified and non-certified instances of the same page, since it's still the same page.

If anyone could bring some light onto why this is happening I would greatly appreciate it!
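
One mechanism that produces exactly the behaviour described in the post above, shown as an added example that is not part of the original thread: a session cookie carrying the `Secure` attribute is stored once but only sent back over https://, while the same cookie without `Secure` is shared by both schemes. That the forum sets `Secure` is an assumption; the host `forums.example.test` and the cookie `fa_session=abc123` are constructed for the example.

```python
import email
import urllib.request
from http.cookiejar import CookieJar

HOST = "forums.example.test"  # placeholder host, not the real forum


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only needs .info()."""

    def __init__(self, set_cookie):
        self._headers = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):
        return self._headers


def jar_after_login(secure):
    """Return a cookie jar as it would look after an HTTPS login response."""
    # Constructed cookie: the name and value are invented for this example.
    set_cookie = "fa_session=abc123; Path=/; HttpOnly"
    if secure:
        set_cookie += "; Secure"
    jar = CookieJar()
    login = urllib.request.Request(f"https://{HOST}/login")
    jar.extract_cookies(FakeResponse(set_cookie), login)
    return jar


def cookie_header_for(jar, url):
    """Return the Cookie header the client would send to url, or None."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


if __name__ == "__main__":
    for secure in (True, False):
        jar = jar_after_login(secure)
        for scheme in ("https", "http"):
            sent = cookie_header_for(jar, f"{scheme}://{HOST}/index.php")
            print(f"Secure={secure!s:5} {scheme:5} -> Cookie: {sent}")
```

With `Secure` set, the http:// request carries no cookie, so the server sees an anonymous visitor; without it, the session identifier would also travel over the unencrypted connection.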

I was having issues where just navigating the forum would log me out. I worked out this was because I linked the https site to my bookmarks and every link on the page links to the http site. I added an always https plugin for chrome and no issues since and every page I click on is a https. (If any of that makes sense)


Kinda wondering why https redirects aren't forced through htaccess or some shit... You know users aren't going to type https://yaddayadda, they're going to type yaddayadda.com and expect ssl. Especially when everybody's browser goes crazy over an unencrypted connection... Come on, it's fuck all to implement, and it avoids shit like this.


Short update on this topic:
I'm using the free browser extension HTTPSEverywhere which works as a great workaround (thanks to @mareenaicefin for the suggestion), and honestly, it's probably not a bad idea to use this anyway.
Maybe this should still be something the devs of the site should look into though, because not everyone uses extensions like this, and this should kind of not happen in the first place.


There is an option to stay logged in right next to the log in icon. Check it and you shouldn't be kicked off while browsing.