Skip Navigation
Fedia Discussions @fedia.io ciferecaNinjo @fedia.io

Silent logout impacts Tor users

I wrote a lengthy reply to someone. Clicked “add comment” to submit it. A wheel spun then quit spinning. Nothing else happened. The text box remained there with my msg. Clicked “add comment” again. Same thing.

I got lucky in discovering the problem: I was silently logged out. How do I know? A: only because I happened to open a new tab to visit fedia.io, which showed a login button. All the other tabs continued showing the sidebar as if I were logged in. So I was lucky that I discovered the issue so I could re-login and submit the msg. Most people will probably walk away & throw away their work in disgust in this situation.

I know some PHPbb boards are quite fragile and logout users after X amount of time. I doubt that’s the case with kbin. I wonder if it’s a case where a Tor circuit gets periodically torn down & kbin does not consider the cookie alone good enough. Perhaps kbin associates cookie to IP address. In any case, it’s a problem.

possible remedies:

A. file a bug report against kbin (I would do this myself if the bug tracker were not on a Microsoft asset)
B. an onion service might solve this

w.r.t “A”, this could actually be 4 or so bugs here:

  1. IP-cookie forced association
  2. when a user is logged out (for any reason), the sidebar should reflect that so they are not mislead
  3. when a submission is refused, there should be an error. It should have said “please login to post”
  4. (?) being logged out should not block posting. Perhaps anonymous posts should be allowed. Definately wishlist kind of stuff here.. but in principle anyone should be able to reply without an account so long as the reply goes through a heavier moderation process.
2

You're viewing a single thread.

2 comments