How come I must login to PFF everytime I close my browser? I use firefox and I left the clear cookie setting empty (so it leaves my cookies alone) and I have changed my prefs in PFF but still it logs me out when I close my web browser. This just started happening in the last couple week that I've noticed. PFF used to leave me logged in for weeks on end, not anymore....

Try clearing all PFF cookies by clicking this link (do not click if you don't want to clear all cookies set by PFF).

Restart browser and login again. See if it sticks this time.

Thanks, that worked perfect.

I just tried that, and it did not work

My normal procedure, that I have to do, is to go to private messages, and login there. Then go back to the main forum page, generall/mall ect and only then can see my window pane on the left with the last posted threads and such.

It would be nice if there was at least a "Login" link somewhere at the top of the forum. When I first started coming here, I thought the "register" link would do it, as most sites, when you click that link have the register fields, as well as a "Click here if you are already registered".

quote Originally posted by JohnWPB: I just tried that, and it did not work My normal procedure, that I have to do, is to go to private messages, and login there. Then go back to the main forum page, generall/mall ect and only then can see my window pane on the left with the last posted threads and such. It would be nice if there was at least a "Login" link somewhere at the top of the forum. When I first started coming here, I thought the "register" link would do it, as most sites, when you click that link have the register fields, as well as a "Click here if you are already registered".

It would be really nice if the site was on SSL, and login was handled better, yes. Currently, PFF just has username/password entries on any page that requires a log-in to use.

You do realize there's a login link at the top of the main forum page?

quote Originally posted by Cliff Pennock: You do realize there's a login link at the top of the main forum page?

Well, I may be totally missing something, but I can not find a login anywhere "at the top of the main forum page"

right above where it says forum on the left side of that pic it should say login/logout thats where mine is

Sometimes, if you go to a thread first then try to click on the main page you'll get the picture above. BUT if you just go to the direct www.fiero.com then click the forum link it'll be there. It just kinda disappears if you go to a thread first.

quote Originally posted by Cliff Pennock: You do realize there's a login link at the top of the main forum page?

Depending on how you get to that page, but I think he's wanting to see it on every forum page. Any chance to get SSL support with an EV cert?

quote Originally posted by Cliff Pennock: You do realize there's a login link at the top of the main forum page?

My work computer uses IE6 and does not display the login link at the top of the page. I have to login using the PM page from work. This really isn't PFF's fault since IE6 is so outdated.

quote Originally posted by dobey: Any chance to get SSL support with an EV cert?

Why?

quote Originally posted by sportcoupe: My work computer uses IE6 and does not display the login link at the top of the page. I have to login using the PM page from work. This really isn't PFF's fault since IE6 is so outdated.

I am using FireFox, latest version, and I also do not see the login, as I posted above in my screen capture. So it's not just an IE thing.....

quote Originally posted by Cliff Pennock: Why?

Because having to constantly send a password or auth/session cookie over plain HTTP is horribly insecure, and with the rapidly growing free wifi access all over the world, makes it very easy for anyone to steal accounts.

quote Originally posted by dobey: Because having to constantly send a password or auth/session cookie over plain HTTP is horribly insecure, and with the rapidly growing free wifi access all over the world, makes it very easy for anyone to steal accounts.

You want to securely log in to a car forum???

Cliff ---- knee slap LOL

------------------


http://www.tylerstoy.com

How about a login tab at the bottom of every page? Just in case you come here from a link to a thread. If already logged in it could say "already logged in" instead of the link.

quote Originally posted by Cliff Pennock: You want to securely log in to a car forum???

I would like to securely log in to anything I log in to, yes. Just because PFF is 12 years old, doesn't mean it has to work the same way it did 12 years ago.

quote Originally posted by dobey: I would like to securely log in to anything I log in to, yes. Just because PFF is 12 years old, doesn't mean it has to work the same way it did 12 years ago.

Wow. You're serious.

Ok, serious answer: I think logging in securely through SSL on a car forum is totally unnecessary.

And apparently, I'm not alone. Quick round along some of the forums I frequently visit:

LinuxQuestions.org (450,148 members): Nope, not using secure logins.
Debian User Forums (25,183 members): Not using secure logins.
Microsoft TechNet Forums: Uses secure login which makes sense since you need to login to your Live account.
DD-WRT Forum (110.539 members): Not using secure logins.
Hauppauge forums (20,803 members): Not using secure logins.
AVForums (313,615 members): Not using secure logins.
ASUS Support forums: Not using secure logins.
Skype Support forums: Using secure logins which makes sense since your login information is the same as your Skype account's.
NVidia forums (242,088 members): Not using secure logins.

To make a long story short, from the 28 forums I have in my bookmarks, only three (eBay, Microsoft and Skype) use secure logins because it actually makes sense there to use secure login. Still you want PFF to get with the times and use secure logins?

If you are so concerned someone stealing your PFF credentials, dont:

• Surf over free, unencrypted, unsecure wireless connections (since that's apparently your concern)

Also, and this is again a very serious and good tip:

Don't reuse passwords!

It seems like a good idea to use the same password for PFF as you use for your online banking, but it really isn't. We've had PFF accounts hacked in the past because people used the same password here as they did on another (Fiero) forum. The passwords were obtained by the mods there and used here. And no secure login procedure would have prevented that.

quote Originally posted by Cliff Pennock: Wow. You're serious. Ok, serious answer: I think logging in securely through SSL on a car forum is totally unnecessary. To make a long story short, from the 28 forums I have in my bookmarks, only three (eBay, Microsoft and Skype) use secure logins because it actually makes sense there to use secure login. Still you want PFF to get with the times and use secure logins? If you are so concerned someone stealing your PFF credentials, dont: Surf over free, unencrypted, unsecure wireless connections (since that's apparently your concern) Also, and this is again a very serious and good tip: Don't reuse passwords! It seems like a good idea to use the same password for PFF as you use for your online banking, but it really isn't. We've had PFF accounts hacked in the past because people used the same password here as they did on another (Fiero) forum. The passwords were obtained by the mods there and used here. And no secure login procedure would have prevented that.

It's not just secure log-in that I would like every site that requires a log-in to have, but also secure sessions. A secure log-in is completely useless if you use insecure cookies to maintain the session. If Mozilla, Apple, Microsoft, Google, Opera, etc… all got off their collective asses and really made their browsers secure, then everyone would be doing secured sessions anyway. It's not that I am particularly worried about myself here. I have the brains and skills to be able to limit potential security threats when I'm on the Internet. But not everyone is as smart or skilled as me.

While validated SSL authentication and sessions won't prevent all possible threats, it does prevent a large amount. Even the two pieces of advise you gave here, aren't enough. It doesn't matter if the wifi access point is WEP/WPA encrypted or not, if all the data is still plain text. All the WEP/WPA does is make it slightly more troublesome for someone to read the radio waves directly. And coffe shops, hotels, airports, etc… don't use WEP/WPA for their free, or even paid, wifi access. It would be entirely pointless for them to do so.

quote Originally posted by JohnWPB: I am using FireFox, latest version, and I also do not see the login, as I posted above in my screen capture. So it's not just an IE thing.....

OK, I found the "missing" login at my work computer (IE6). The link is where is should be but just not visable. Hovering my mouse over the "suspect area" and it showed a hyperlink there. I clicked the spot and the login screen appreared.

See i knew Cliff was sneaky. Secret entrance.

quote Originally posted by dobey: It's not just secure log-in that I would like every site that requires a log-in to have, but also secure sessions.

Well, good luck on your quest.

You do realize a certificate costs money? I'm not going to spend $400+ a year on a VeriSign certificate just so PFF can run entirely on SSL to protect, what, someone's PFF password and private messages? Since those are the only things not public on PFF. And yes, I know you can self sign a certificate but then a visitor gets all kinds of pop-ups that the certificate is not a trusted one.

Seriously, you still haven't answered why you feel PFF or 99.9% of the other forums out there even need secure sessions. Please explain what those threats are you're talking about.