Board upgrade 1800-1900hrs 07/02/2008

[ExigeKen]

Anyone found which "style" is best for browsing on the the blackberry?

Would it be possible to actually create a "mobile" style?

Just a thought...


Oh, and I dont know why but my blackberry doesnt remember who I am when I sign on... almost as if the cookie isnt stored. Anyone else had this?

yes I get this since the upgrade - its a pain

[steve_weegie]

Anyone found which "style" is best for browsing on the the blackberry?

Would it be possible to actually create a "mobile" style?

Just a thought...


Oh, and I dont know why but my blackberry doesnt remember who I am when I sign on... almost as if the cookie isnt stored. Anyone else had this?

yes I get this since the upgrade - its a pain

Nope, works fine for me....

[DJ]

What's involved in moving the forum onto https: ?

My login keeps dropping out at work (pre 9, lunchtime and post 5 of course) and I've found out it is because we have two ISPs for security and DR purposes. Connections swap at random behind the scenes so when I click between pages it changes my IP address if it happens to change ISP and therefore drops my login.

Heard there may be a charge for running a secured site then also heard there can be no charge if self certified. Clearly not worth it if any cost or a lot of development just to allow one guy to make the odd lunchtime posting !!... but thought I'd ask anyway in case it was an easy switch that had no impact on anything else.

(apols in advance if there is a really obvious answer to this as I am not a techy )

thanks

[steve_weegie]

Primary reason for not running https is the larger overhead on the web server, as it has to encrypt the HTTP session. Depending on how your outbound load balancing works, i suspect that https would not solve your problem however, as there is no guarentee that the https traffic will be routed any differently.

just my $0.02 though

[campbell]

I can't say for sure, but I doubt https would make any difference.

Does your office have a proxy server? I wonder if it would show a more consistent IP to the BBS (maybe not...just a long shot). Failing that, you're just going to have keep logging in, or browse at home

[ironside]

I don't think https would solve the problem either, it wouldn't be routed any differently. It's a very odd way to setup a sort of multi-homing though, don't you (and all the other employees) have this problem with every site that uses sessions? Anything you sign into?

[ExigeKen]

I don't think https would solve the problem either, it wouldn't be routed any differently. It's a very odd way to setup a sort of multi-homing though, don't you (and all the other employees) have this problem with every site that uses sessions? Anything you sign into?

Totally agree Simon. If you have two ISPs at one location and they are for DR and/or BC purposes rather than capacity then you should dual home them with BGP and fail the public IP addresses across from one connection to the other using the AS number.

This is certainly not an issue with the SE site and nothing we do here can deal with an internal change within a compnay's network.

[DJ]

Primary reason for not running https is the larger overhead on the web server, as it has to encrypt the HTTP session. Depending on how your outbound load balancing works, i suspect that https would not solve your problem however, as there is no guarentee that the https traffic will be routed any differently.

just my $0.02 though

Outbound load balancing is round-robin, however, .... we have set up a persistence profile for any sites that use https so it is routed consistently to the same ISP. Changing to https would make this work for me but can appreciate if there are other reasons not to do it.

.... don't you (and all the other employees) have this problem with every site that uses sessions? Anything you sign into?

Nope - none at all ! SE is unique...in more ways than we think ! All my work related sites change to https as soon as you have to sign-in hence the persistence profiler kicks in. Most other non-work related sites also change to https at log-in but some don't such as SELOC or Autotrader but consistently remain logged in. SE is the only one I can find even after checking with colleagues using other non-work sites/forums that has this dropping log-in issue.

Got a techy at work to search a bit more. Bit quiter today with bank holiday and all. Apparently phpbb sessions use unique session IDs AND the users IP to identify users. From what I understand most forum sites switch off the IP identity link - apparently a minor mod of two numbers on two lines of code - as was seen as unnecessary overkill and was known to cause an issue for AOL users a few years ago as AOL used to route their users through a cluster of proxys. Looks like SE has this switched on.

I am not a big poster so followed this more up out of interest than seeing it as a need to change, although this forum does seem to be a bit different in its set up. .

Hopefully some of this makes sense ?!

[ironside]

Hopefully some of this makes sense ?!

Yup, it does, this board is set to use the first 3 octets of your IP for session validation. Presumably your two (sets of?) public IPs are different enough that you fail this check. I'll turn this off now <clicks> just to see if it fixes it for you, so let me know In the meantime I'll think about whether or not it opens up any serious security issues but I don't think it does.

You could always ask your work to route traffic to SE2's IP to a particular internet router if using SE2 is essential to your job You might even be able to do this on your own PC if you know/find out the address of your internet routers you could do something like "route add 195.188.22.175 mask 255.255.255.255 ip.of.router.one -p" on the command line of your work PC. You will probably need administrator privileges to do this on your PC and it might get you into trouble in which case "route delete 195.188.22.175" undoes it

[neil]

This seems to have fixed the logging in on the mobile problem I was having

[ironside]

Well great, well done DJ's techy at work, if that sorts out some other people as well then it's probably a better solution than enabling ssl.

[DJ]

Top work Mr Ironside ! Now works with no problems at all. Makes a difference being able to post from work PC without having to log in about 6 times to get it submitted. Glad to see it has helped someone else too.

On the downside, there goes my lunchtimes

[Sanjøy]

In the absence of a page I can find with ideas for site enhancements...

Could we possibly have the option of a view all for threads with multiple pages ? Good for meets with 16 pages so you can simply ctrl+f find sections of it and saves ppl having to ask for the details to be posted every other page.

Also I seem to be prompted to log in each time I navigate away now. Never used to be like that.

Cheers to Simon for being the resident sysadmin.

Sanjoy

[campbell]

Er, there's a search this topic box on each page, doesn't that achieve the same goal?

As for re-login, maybe the BBS suspects you are a spam-bot

[Sanjøy]

Am I being dumb and not being able to find the rss feed for SE ?