LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback
User Name
Password
LQ Suggestions & Feedback Do you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.

Notices

Reply
 
Search this Thread
Old 05-17-2010, 02:56 AM   #1
__raHulk
Member
 
Registered: Apr 2010
Location: Mumbai
Distribution: RHEL, Debian, Fedora, Ubuntu
Posts: 39
Blog Entries: 1

Rep: Reputation: 16
https LQ and session time-out feature.


To All Moderators/Root,

What I have to convey is just 2 of my suggestions...
Can we have
1. https-SSL for Linux Questions.
2. Session time-out feature enabled.

I know that it is complicated/not simple to implement above two things.

Take for example the https with encryption feature: If implemented then we cannot leave out the login page. But in our case we can login from almost every page and hence implementing https encryption will mean that we have https for all those page ie. https for the whole site.

Secondly, I came across this as I left my desk one day without logging out of LQ and when I came the next day I found myself already logged in and I was able to surf/post well. Then I thought of timing the session out for LQ after a certain time of inactivity.

And I know that some might think that having session time out feature for this kind of knowledge sharing site is too much security; then I would suggest a maximum idle time upto 3-6 hrs or so - whatever. That wouldn't be too harsh for LQ users.

Finally I want to thank to all of you for reading this and not minding me talking about such things being a LQ newbie.

Thanks Again.

Cheers!!!
 
Old 05-17-2010, 05:20 AM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430Reputation: 430Reputation: 430Reputation: 430Reputation: 430
This is already implemented. Every page has both an http:// and a https:// entry - test it on any page you like. As an example: https://www.linuxquestions.org/quest...eature-808274/ - this page. If you are on non-https now, opening that page will show you as logged out.

As to the logout, log out manually, clear your cache and then log in again but make sure that you uncheck "remember me" below the log in.
 
1 members found this post helpful.
Old 05-18-2010, 01:17 AM   #3
__raHulk
Member
 
Registered: Apr 2010
Location: Mumbai
Distribution: RHEL, Debian, Fedora, Ubuntu
Posts: 39
Blog Entries: 1

Original Poster
Rep: Reputation: 16
Quote:
This is already implemented. Every page has both an http:// and a https:// entry - test it on any page you like. As an example: https://www.linuxquestions.org/quest...eature-808274/ - this page. If you are on non-https now, opening that page will show you as logged out.

As to the logout, log out manually, clear your cache and then log in again but make sure that you uncheck "remember me" below the log in.
Yesterday 01:26 PM
Oops I didn't noticed that, was totally unaware that this site is already using https also.
This thread is simply stupid/silly. But I came to know about this only after posting here. Had I not posted here, how would I come to know abt these things.

Anyway Thanks very much XavierP.
 
Old 05-19-2010, 01:48 AM   #4
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,627

Rep: Reputation: Disabled
Quote:
Originally Posted by XavierP View Post
This is already implemented. Every page has both an http:// and a https:// entry - test it on any page you like. As an example: https://www.linuxquestions.org/quest...eature-808274/ - this page. If you are on non-https now, opening that page will show you as logged out.

As to the logout, log out manually, clear your cache and then log in again but make sure that you uncheck "remember me" below the log in.
This is the message on the windows with https login
Quote:
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?
The favicon also does not show the certificate authority.
 
Old 05-19-2010, 06:34 AM   #5
__raHulk
Member
 
Registered: Apr 2010
Location: Mumbai
Distribution: RHEL, Debian, Fedora, Ubuntu
Posts: 39
Blog Entries: 1

Original Poster
Rep: Reputation: 16
Quote:
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?
I'm surprised. Is it true that it goes without encryption???

Also I started facing some problems since I started using https://
The pages gets loaded well no issues but the tab icon still revolves as if the page is still loading and the status bar shows something like
"Transferring data from blah blah!".

I don't think it is usual. I'm using Firefox 3.6.3.
 
Old 05-19-2010, 07:40 AM   #6
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430Reputation: 430Reputation: 430Reputation: 430Reputation: 430
Can you provide the actual URLs that aren't resolving? That may be something Jeremy needs to fix.
 
Old 05-19-2010, 07:40 AM   #7
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,425

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
There are some elements of the site that are served by domains that do not support https (although the favicon is not one of these), so depending on your browser settings you may see a warning message. I browse the site exclusively via https and do not see the behavior you're seeing.

--jeremy
 
Old 05-20-2010, 12:14 AM   #8
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,627

Rep: Reputation: Disabled
Quote:
Originally Posted by jeremy View Post
There are some elements of the site that are served by domains that do not support https (although the favicon is not one of these), so depending on your browser settings you may see a warning message. I browse the site exclusively via https and do not see the behavior you're seeing.

--jeremy
So Jeremy, does that mean that I can fairly ignore the warning message about the encryption part? Because the favicon part should give the information about the certificate issuing authority while hovering the mouse over it. But it does not.
 
Old 05-20-2010, 09:17 AM   #9
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,425

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
That is unrelated to the encryption and has to do with the type of certificate being used (OV vs DV).

--jeremy
 
Old 05-20-2010, 10:57 AM   #10
smeezekitty
Senior Member
 
Registered: Sep 2009
Location: Washington U.S.
Distribution: M$ Windows / Debian / Ubuntu / DSL / many others
Posts: 2,230

Rep: Reputation: 173Reputation: 173
@the OP:
What could possibility go on LQ that needs encryption?
 
Old 05-21-2010, 12:27 AM   #11
__raHulk
Member
 
Registered: Apr 2010
Location: Mumbai
Distribution: RHEL, Debian, Fedora, Ubuntu
Posts: 39
Blog Entries: 1

Original Poster
Rep: Reputation: 16
Quote:
@the OP:
What could possibility go on LQ that needs encryption?
You never know what may go wrong until it happens. Perhaps this is the reason why encryption has been originally implemented.

Quote:
originally posted by XavierP

As to the logout, log out manually, clear your cache and then log in again but make sure that you uncheck "remember me" below the log in.
Done that but still when I leave the session without logging off and come back the next day to see that the session is already active and I still am able to post. Like this one has been logged in few days back.

Any more suggestions....
 
Old 05-21-2010, 12:39 AM   #12
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,627

Rep: Reputation: Disabled
I never face this problem. My session usually ends after some time. Not a problem for me. Is it specific to OP?
 
Old 05-21-2010, 02:14 AM   #13
__raHulk
Member
 
Registered: Apr 2010
Location: Mumbai
Distribution: RHEL, Debian, Fedora, Ubuntu
Posts: 39
Blog Entries: 1

Original Poster
Rep: Reputation: 16
Then isn't there anything else which I could do to solve "MY" problem??
 
Old 05-21-2010, 03:15 AM   #14
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430Reputation: 430Reputation: 430Reputation: 430Reputation: 430
That's odd. Clearing the cache and logging out should set you back to the login page. IIRC, https should force you to login each time you visit.
 
Old 05-21-2010, 03:55 AM   #15
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,627

Rep: Reputation: Disabled
My session ends even with http. I do not regularly use https.
 
  


Reply

Tags
feedback, https, session, timeout


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
14all.cgi with time based feature ??. talat Linux - Software 1 08-08-2009 07:57 AM
14all.cgi with time based feature ??. talat Programming 1 08-07-2009 11:56 PM
SSH concurrent session limit and idle session time out lasygsd Linux - Newbie 2 04-21-2009 10:11 PM
Can URL used inside an HTTPS session be read by HTTP proxy ? PlatinumX Linux - Security 1 07-30-2008 04:32 AM
Some https connections time out. Likosin Linux - Networking 0 04-26-2005 07:48 PM


All times are GMT -5. The time now is 03:32 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration