Keep getting logged out

Quote by Georgia_27_8
If you are inactive for 40 minutes your progress/changes should absolutely be saved, but you simply don't need to be logged in.

Maybe on some systems. But the point is, any progress isn't saved here. And sometimes it's not even 40 mins. I can be skipping from page to page and get kicked off. Just can't figure any common sequence of events that triggers it yet.

It's most irritating if writing a comment or forum post to be presented with "An error occurred" because the system silently logged me out behind the scenes. And when presing Submit a second time to be dumped to the front page so I can't even recover what was typed.

I've learnt to select all and copy first, just in case, but it shouldn't be necessary if I'm actively using a session.

What's odd is that if it is session length then it should behave the same across browsers and OSs. It isnt in this case, as far as I can tell.

In a sensitive application, sure. Set a reasonable timeout and log out. Lush, however, is pretty much a social network. Imagine if Facebook or logged you out after half an hour, or even an hour. There'd be uproar!

Lush also doesn't always log people out completely. It just seems to invalidate the session and then the login cookie revalidates on refresh but loses all progress and dumps you to the front page.

That seems to imply the Remember Me switch when logging in is being honoured (cookie/localStorage) it's just that whatever is invalidating the session in some environments isn't retaining previous page state.

Bit of a conundrum.

Quote by Georgia_27_8

Out of interest, what devices are you all using?

I use both my Samsung Tab S8 and Iphone.

HP laptop with windows 11 and opera browser and a samsung A52 with android 11 and opera touch browser. Both are equally affected.

Quote by WannabeWordsmith
Imagine if Facebook or logged you out after half an hour, or even an hour. There'd be uproar!

We don't tend keep our private sexual fantasies and experiences on Facebook (don't actually have FB) or though lol.

I do get where people are coming from however as it is inconsistently happening across multiple platforms and sections of the site.
That is the only reason the bug has been bugging me. (Pun not initially intended )

I couldn't care less about session timeout if I am inactive though.
But it has fortunately only ever happened to me whilst I have been inactive and not flicking between pages/comments etc, so I have a completely different experience of it to you all.

I do think that session timeout due to inactivity is something Lush should to look into though on the next profile update.

On V1 when there were limits on the number of members in a Chatroom, we had session timeouts where if we were inactive for X amount of time, we were auto-kicked so that someone else could enter.

For chat with a limited room capacity, kicking people out for inactivity is fine and makes a lot of sense to give everyone a fair shot. But I wouldn't expect it to log me out of the site and dump me to the front page too. Maybe that's an unreasonable expectation.

I'm not a fan of enforced session timeouts on a social site. If I've asked the site to remember my details it should do so for a reasonable time frame. Like a month or two or more. If I haven't, fine. Log me out after a period of inactivity.

Incidentally, I don't know how many reports of the logout behaviour are actually being completely logged out. As in, all the way back to the login page where you need to type in the credentials again vs being dropped to the front page or dropped to the login page but a second refresh logs you back in again automatically via the cookie. Those behaviours are very different from a debugging perspective.

I wonder if reports of people being prompted to upgrade are also a by-product of this? e.g. you're logged in, you go to do some action, it 'soft logs' you out for reasons unknown, sees you don't have enough permissions to do the action and asks you to upgrade. But maybe if you refresh the screen it logs you back in again and the prompt goes away, albeit you don't get back to the page you were on because the site dumps you back to the front page. Dunno. I've only seen the upgrade notice once so I don't know the specifics of this issue. Just guessing it might be related.

Quote by WannabeWordsmith

I wonder if reports of people being prompted to upgrade are also a by-product of this? e.g. you're logged in, you go to do some action, it 'soft logs' you out for reasons unknown, sees you don't have enough permissions to do the action and asks you to upgrade. But maybe if you refresh the screen it logs you back in again and the prompt goes away, albeit you don't get back to the page you were on because the site dumps you back to the front page. Dunno. I've only seen the upgrade notice once so I don't know the specifics of this issue. Just guessing it might be related.

That is indeed the current view of the development team.

Quote by IMPURETHOUGHTS

I think Lush tried this once. To have a notice board of what bugs/things will be done but seeing as it was a close thread, users would create thread about said issues and it was just chaos.

We cannnot have updates cause users will start to say, "well you said on this timeline and you didn't do it.

Why don't you get people who will only work on Lush, etc., etc.,...

I don't want to know anything. I want to be surprised.

I may have gone off topic, but really, do I ever stay on topic?

Forum threads are not a good format for bug reports, hence the (somewhat hidden) ticketing system.

As for wanting to be surprised: no one is forcing you to look at the tickets being raised, regardless of what system is used

Might have something to do with SameSite attribute of cookies, changes in the specs and whether those have been implemented in the user's browser or not.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Quote by noll

Forum threads are not a good format for bug reports, hence the (somewhat hidden) ticketing system.

As for wanting to be surprised: no one is forcing you to look at the tickets being raised, regardless of what system is used

None of this was helpful.

Quote by WannabeWordsmith
But I wouldn't expect it to log me out of the site and dump me to the front page too. Maybe that's an unreasonable expectation.

Maybe it is just me, but I find this an incredibly logical thing to do from a technical point of view.

1) From a members POV:
As mentioned above, it saves data, it saves power, adds a security feature.

2) From the sites POV:
If people are idle for X hours, they get logged out.
It will give the Dev team accurate reporting info as to how many members are spending what amount of time online.
Reduced session time = reduced server activity = reduced server power requirement = reduced running costs (essential given the cost of energy in todays market) which can then be spent elsewhere on the site.

Honestly, where is the downside to any of that, other than it not being convenient?


Would you leave the garage door open at night because you are driving to work the next morning?
No, of course you wouldn't.

Quote by Georgia_27_8

Would you leave the garage door open at night because you are driving to work the next morning?
No, of course you wouldn't.

Would you design a garage door that comes down on you as you're half-way in? That's the problem some people are having. No, of course you wouldn't.

Quote by dlcalguy

Would you design a garage door that comes down on you as you're half-way in? That's the problem some people are having. No, of course you wouldn't.

That isn't the argument I am making.
As you can see from my following comment yesterday, I understand the frustrations, if you had bothered to read the whole thread.

Quote by Georgia_27_8
We don't tend keep our private sexual fantasies and experiences on Facebook (don't actually have FB) or though lol.

I do get where people are coming from however as it is inconsistently happening across multiple platforms and sections of the site.
That is the only reason the bug has been bugging me. (Pun not initially intended )

I couldn't care less about session timeout if I am inactive though.
But it has fortunately only ever happened to me whilst I have been inactive and not flicking between pages/comments etc, so I have a completely different experience of it to you all.

I do think that session timeout due to inactivity is something Lush should to look into though on the next profile update.

On V1 when there were limits on the number of members in a Chatroom, we had session timeouts where if we were inactive for X amount of time, we were auto-kicked so that someone else could enter.

I'm curious, those that don't like being automatically logged off, is it because you don't have info saved on your device and have to manually type it in? Using incognito?

Sharing devices? Not gonna lie, if you are still sharing devices, that's kinda funny.

Right now, it logged me in automatically but other times, I'll join the site through a saved thread that I haven't visited in three days and I'll just make my stylus pen or index finger hover over login and boom, I'm logged in. Lush login info is saved to Samsung Internet browser.

Idk, some of you have stated clearing history/cookies/cache after every lush visit lol

Adults on an adult website who still delete this site off their history cause using "Family iPad/ tablet/desktop" What's next, using Family mobile phone?

I personally don't mind.

I see it as lush playing peek-a-boo just don't be down for hrs lol nonono

Not gonna lie, but some of you type an entire paragraph to a response that should have just been a sentence. Mini story replies are not necessary lol no wonder you get timed out lol

Yes, even when typing this, the page refreshed on me as I got link for .gif--i had copied my response to clipboard

Since day one when coming into this new site, Lush has been giving us tips.

Will we see something about this? I don't see the time outs as an issue, only if you're a slower typer than, fuck lol

Quote by Georgia_27_8

Maybe it is just me, but I find this an incredibly logical thing to do from a technical point of view.

1) From a members POV:
As mentioned above, it saves data, it saves power, adds a security feature.

2) From the sites POV:
If people are idle for X hours, they get logged out.
It will give the Dev team accurate reporting info as to how many members are spending what amount of time online.
Reduced session time = reduced server activity = reduced server power requirement = reduced running costs (essential given the cost of energy in todays market) which can then be spent elsewhere on the site.

Honestly, where is the downside to any of that, other than it not being convenient?


Would you leave the garage door open at night because you are driving to work the next morning?
No, of course you wouldn't.

Sorry, but these are non-arguments in my POV. First, if saving data on the user's side was something Lush was after, it would have been setup entirely different. The current site reimplements a lot of features that are standard browser features. That means a lot of extra code is downloaded on most pages, that could have been left out.

Second, getting error messages, being redirected to the login page, having to navigate to the correct page after logging in again, etc. all means extra data that the user didn't ask for.

Keeping a session alive is, AFAIK (I'm not a backend developer) not a big burden on the server at all, neither in data, nor energy.

But the main reason why these are non-arguments IMO is that Lush admins already acknowledged that it's not a feature, but a bug they're looking into.

Quote by noll
But the main reason why these are non-arguments IMO is that Lush admins already acknowledged that it's not a feature, but a bug they're looking into.

I have not said once that it is a feature which Lush has intended, and have actually sympathised with the inconsistencies as per above.

I am saying it should be a feature Lush thinks about on future profile updates.

On a site that gets hundreds of thousands of hits a day, accurate information as to how many people are logged in and actually active at one time could prove valuable with progressing the site.

Those that sit there doing nothing because they are sleeping or watching Eastenders are then going to be causing inaccurate data.

Thousands of other successful global technologogical enterprises, and even other services similar to Lush have logon session timeouts with regards to inactivity.

It is something Lush had on the V1 chat service and is something which should, in my educated opinion, be rolled out site-wide.

Especially to those of us Mods & Admin with site administration tools at our service.

I'm not sharing devices, I don't clear my cache all that frequently, but do find that when I type a comment on a story, only to see it lost when I try to post it, to be more than somewhat annoying. Or have it lost when I get dumped back to the home page. Having to find my way back to the specific location in a thread where I was when I was dumped is also annoying.

And, as Noelleke has said, it's an acknowledged bug, not a feature.

Quote by Georgia_27_8

I have not said once that it is a feature which Lush has intended, and have actually sympathised with the inconsistencies as per above.

I am saying it should be a feature Lush thinks about on future profile updates.

On a site that gets hundreds of thousands of hits a day, accurate information as to how many people are logged in and actually active at one time could prove valuable with progressing the site.

Those that sit there doing nothing because they are sleeping or watching Eastenders are then going to be causing inaccurate data.

Thousands of other successful global technologogical enterprises, and even other services similar to Lush have logon session timeouts with regards to inactivity.

It is something Lush had on the V1 chat service and is something which should, in my educated opinion, be rolled out site-wide.

Especially to those of us Mods & Admin with site administration tools at our service.

When someone interacts with the site (navigates, posts pics/messages, scores/reviews stories, chats, etc., then they send requests to the server. So folks who are active on the site an already be distinguished from folks who are not, as the latter don't send those requests.

Lush v1 did not have a feature where you were logged out of the site after a timeout. Only chatrooms had a timeout feature, but it didn't involve being logged out. It just kicked you out of the room.

A successful chatbox requires near instant feedback (the image rooms perhaps less so), but that's not the case for the other sections of Lush.

This thread is not about being kicked out of a chat room. It's about being logged out of the entire site.

Perhaps a feature where users can opt-in or out of automatic logout after a certain period of inactivity would be a nice. But I don't have a need for it, nor is it what this thread is about.

Btw, this is the second attempt posting this, as I got logged out.

I haven't had this problem in quite a while and I access Lush on two different environments (an Android phone and a Windows 10 PC). I've been kicked out occasionally but get back in easily and it's usually traceable to me dumping cache or clearing cookies for some reason. It's not like it was a year ago when it was a struggle for me to get logged in and stay logged in, both here and on SS. I have issues with the site, but this is no longer one of them.

I have just been logged out after clicking on 'save draft' and have lost about 700 words that I had just typed!

I often save draft more frequently than that but this is so frustrating.

I seem to be getting logged out more often now when trying to move from one place to another but for it to happen in this situation is horrendous.

Maybe I will start saving draft after every line of typing!

Quote by PJH

I have just been logged out after clicking on 'save draft' and have lost about 700 words that I had just typed!

I often save draft more frequently than that but this is so frustrating.

I seem to be getting logged out more often now when trying to move from one place to another but for it to happen in this situation is horrendous.

Maybe I will start saving draft after every line of typing!

You mean to tell me didn't copy and paste story from word or another media?

You just began to type out story here? Oh, no.

Quote by IMPURETHOUGHTS

You mean to tell me didn't copy and paste story from word or another media?

You just began to type out story here? Oh, no.

Yep, all 280 of my stories, including the now completed and submitted one that I had to re-type a chunk of, have been typed direct to LUSH.

It usually works fine except in an instance like earlier today.

I'm with noll. It's not a feature. It's a detractor.

Kicking someone out of a chatroom that has limited capacity for chat slots is one thing to give everyone a fair shot at conversing. Kicking people out of the site entirely and soft logging back in via cookie or requiring credentials to frequently be re-entered is a massive pain, and unnecessary.

In my limited capacity as user and with enough knowledge of client server architecture, since it seems it's not universal across browsers or session length, I'd call it a bug.

I am a backend developer, and there's no extra server load required to keep a session open. Every request from browser to server is stateless. In Georgia's analogy, the garage door is closed after every request. The session cookie that gets passed back determines access.

Incidentslly, user activity load is generally determined by making a request: either via discrete user interaction (page click/refresh) or a push/pull to send PM/chat data to an active session.

Not too sure why there is so much discussion on this. Yes its a bug and the development team are looking to identify the cause. Personally I dont understand why anyone would type a significant volume of text online without having it saved on their device as a Word file or similar; surely thats good practice.

Quote by WannabeWordsmith

I'm with noll. It's not a feature. It's a detractor.

Kicking someone out of a chatroom that has limited capacity for chat slots is one thing to give everyone a fair shot at conversing. Kicking people out of the site entirely and soft logging back in via cookie or requiring credentials to frequently be re-entered is a massive pain, and unnecessary.

In my limited capacity as user and with enough knowledge of client server architecture, since it seems it's not universal across browsers or session length, I'd call it a bug.

I am a backend developer, and there's no extra server load required to keep a session open. Every request from browser to server is stateless. In Georgia's analogy, the garage door is closed after every request. The session cookie that gets passed back determines access.

Incidentslly, user activity load is generally determined by making a request: either via discrete user interaction (page click/refresh) or a push/pull to send PM/chat data to an active session.

You are one of the better Story Mods;
Can you read back through and tell me where I have once said it is a feature which Lush has intended and that it is not a bug?

I agree 100% that it is a bug, but personally don't mind as it fortunately only seems to happen to me when I idle. Leading me to suggest that Lush should look at bringing in auto logout as a feature of the site.

Noll actually agreed that it could be a good feature for members to be able to opt-in for auto logout.

I work in Telecoms & Network Services, so you are not the only person from a tech background on this thread.
My Admin accounts at work logout every 15 minutes without activity or if my machine is manually locked before then.

As a backend developer, I would like to assume that your business' Admin/Developer accounts auto-logout, yes?
(If not, that should be addressed as a matter of urgency by your department as a security risk.)

It has been said: "but Lush is basically Social Media and that Facebook & don't log you out" (words to that effect).
I guarentee it would be more embarrasing, intrusive and potentially even damaging to our personal relationships if someone was to gain access to our Lush than Facebook, , Twitter etc..

General accounts? opt-in would be cool and I think a lot of members would use it, considering how many of our partners don't seem to know about Lush.

However, our Mod & Admin accounts should definitely auto-logoff through inactivity as standard.

Security & privacy have to take priority over convenience, every single time.
That shouln't need to be a debate with someone also following a career in technology.

I'm sorry, but a bug is not a feature, it's a bug.

I just had a Forum post vanish, and had to re-enter it because this "feature" signed me out after about 10 minutes on-site

That's not a feature. It's annoying. And it seems to be happening with a shorter duration.

I'm glad to hear that it's being worked on. Thank you.

Quote by Georgia_27_8
Security & privacy have to take priority over convenience, every single time.

Absolutely agree. In which case Lush should actually log us out and not just pretend everything is okay until you try to post something and lose your work because you've been soft logged out in the background. That's the real issue.

That said, the use cases between mission critical corporate systems and social sites are very different. If someone gets hold of my phone and reverse engineers my lock code, they shouldn't be able to get into any corporate accounts or sensitive stuff if I'm auto logged out after inactivity. But with Lush, all they have to do is refresh the browser page to be logged back into Lush via cookie. That's not site security!

The nature of the site is that one can be replying to a forum post, helping an author with a story mod note, or be interacting with the same page (e.g writing a story) client side for upwards of 20, 40, 60 minutes or more if life gets in the way. The system will treat that as "inactivity" and something happens, on some browsers (not all, maybe?) behind the scenes to soft log you out. Between that, and being dumped to the front page when you refresh or go to save your work, is inconvenient and a unexpected UX. Because you can't Back to restore your work. Even if you are immediately relogged in via cookie.

Some systems get around it with a client side timer that pops up a message saying you'll be logged out in N minutes if you don't save now. That's fine. It'll do. And is a truckload better than pretending you're still logged in.

P.s. we might be talking at cross purposes. What do you consider 'idling'? With my user hat on if I'm typing in a text area, I am not idling, I am interacting with the site. The fact there is no client-server interaction while I'm doing that is not on my radar.

I got logged out of site after being active for 15mins*

Damn.

That kick definitely hurt. I was like, bitch, what?

--

Edit:corrected time.

Quote by Georgia_27_8

You are one of the better Story Mods;
Can you read back through and tell me where I have once said it is a feature which Lush has intended and that it is not a bug?

I agree 100% that it is a bug, but personally don't mind as it fortunately only seems to happen to me when I idle. Leading me to suggest that Lush should look at bringing in auto logout as a feature of the site.

Noll actually agreed that it could be a good feature for members to be able to opt-in for auto logout.

I work in Telecoms & Network Services, so you are not the only person from a tech background on this thread.
My Admin accounts at work logout every 15 minutes without activity or if my machine is manually locked before then.

As a backend developer, I would like to assume that your business' Admin/Developer accounts auto-logout, yes?
(If not, that should be addressed as a matter of urgency by your department as a security risk.)

It has been said: "but Lush is basically Social Media and that Facebook & don't log you out" (words to that effect).
I guarentee it would be more embarrasing, intrusive and potentially even damaging to our personal relationships if someone was to gain access to our Lush than Facebook, , Twitter etc..

General accounts? opt-in would be cool and I think a lot of members would use it, considering how many of our partners don't seem to know about Lush.

However, our Mod & Admin accounts should definitely auto-logoff through inactivity as standard.

Security & privacy have to take priority over convenience, every single time.
That shouln't need to be a debate with someone also following a career in technology.

This thread is not about some possible feature, it's about the bug. It's also not about mod and admin accounts, though those may be affected too by this bug, but about regular user accounts.

When I have an update from the development team I will post that here. In the meantime I will lock this thread since its gone off topic and I dont believe there is anymore of any value to be said on the matter of 'Keep getting logged out'.

The update is that this issue is still under investigation. I thought it prudent to post just that so that you know it remains ongoing albeit there is no progress.