Hughesnet Community

Signing in each and every visit?

GabeU
Distinguished Professor IV

Signing in each and every visit?

Is it normal to have to sign in with each and every visit? Even if I close out the window and come back within fifteen seconds, I have to sign in again. Is this normal? If I get notices of replies throughout the day, am I going to have to leave a Hughesnet Community window open to keep me signed in? Shouldn't there be an option to remain signed in?

 

I know the mods will probably quickly get sick of "On the other Hughesnet Community...", but on the other Hughesnet Community I rarely had to sign in as my computer would stay signed in.  

 

Actually, yesterday it was staying signed in.

 

I know Jezra started a related post, but I figured his was more about actively signing out and remaining signed in than just remaining signed in when one didn't try to sign out.  

45 REPLIES
GW
Advanced Tutor

This forum security is ridiculous. Our Fidelity Investments brokerage account lets me stay logged in for hours longer than this place. That account gives access to trade and transfer a lifetime accumulation of investments. I logged in there at 7 am to read the premarket news pertinent to our holdings and watch list and I'm still logged in now. Conversely, every time I come back to my computer throughout the day and look at the tab for this forum, I'm logged out.

 

What exactly is it that needs to be so secure about a forum to talk about satellite internet? Are we afraid somebody may sneak in to someone's back room or office and use a private computer to post the codes to take down the new Jupiter?

C0RR0SIVE
Associate Professor

They may be required to do something like this where financial information is at stake and they have so many customers now...  That's the only reason I can think of them having it set to log us out so quick and why each time the browser is closed the session gets terminated.

GW
Advanced Tutor


@C0RR0SIVE wrote:

They may be required to do something like this where financial information is at stake and they have so many customers now...  That's the only reason I can think of them having it set to log us out so quick and why each time the browser is closed the session gets terminated.


I looked around in my account and really don't find any financial information at risk other than the last four digits of a credit card. Good luck to anyone trying to guess the other 12 digits and the CVV.

maratsade
Distinguished Professor IV

What other things could someone using your account do?  I can think of some things: buy tokens in your name, post in your name.... can they do anything else, like change your personal information? 

GabeU
Distinguished Professor IV


@maratsade wrote:

What other things could someone using your account do?  I can think of some things: buy tokens in your name, post in your name.... can they do anything else, like change your personal information? 


I don't know if there is a way someone could glean one's sign on credentials from a community account that is set to remain signed in, but if they could, that opens up a whole other can of worms as the same credentials are used to sign in to view and change one's actual account information. Name, address, email addresses, transactions on the account, etc.

Hi folks,

 

Thanks for the details on the login experience, this is helpful and we'll bring this up in our meeting this week. Hopefully we can find out a cause and resolution to this for you all.

 

If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

maratsade
Distinguished Professor IV

@GabeU, yes, that'd be pretty bad indeed!  I'd like the option to use with my machines at home, so I wouldn't be very concerned anyway. 

I started to make a new topic about this and this topic sprang up as a suggestion. The only other website I have to continuously log into is QVC. What a pain and especially when a site is as sloooow as this one. Please make it more user friendly! I don't even have to close out of the site altogether. Just a long period of inactivity (with a Community window open) can make me have to sign in again to post.

GW
Advanced Tutor

I've had to sign in four times today. I'm thankful for my password manager that allows me to sign in with two clicks but I'm not appreciative for the amount of time I have to sit here and wait for all of the gears to engage and allow movement again.

Gwalk900
Honorary Alumnus

Take a peek at your modem logs and see if you are doing momentary disconnects. Mine has been staying logged in rather well today so I don't think it's a Community settings issue.

 

GW
Advanced Tutor

My uplink was down for 15 minutes early this morning with 12.1.9. That was before I was using any computers. No codes ever since.

C0RR0SIVE
Associate Professor

I stay logged in just fine, however, as soon as you close your browser out completely, your logon will expire... You can close the tab and the session remains active, but as soon as the browser is closed, the website cookies expire.

GW
Advanced Tutor

I'm happy for you C0RR0SIVE.

 

I keep this site going in a tab all the time. I restart my browser every 5 days whether it needs it or not. I find if I let it go more than 5 days, my Dashlane password manager gets wonky. I restarted it last night because I did Firefox upgrades on all of the computers. That was last night. Today is today and this community logs me out at least twice every day.

GW
Advanced Tutor

Every time I come back to my computer today and look at this community tab, I have to sign in again. Four times again today. No disconnects in the modem logs at all.

Hi folks,

 

Any new or different login/logout behaviors lately? I still have an open case with Lithium on this and asked for an update. Just wondering if this issue is still as persistent as when first reported.

 


GW
Advanced Tutor

Hi Liz,

 

Generally, every time I come to the community if less than 4 times a day, I have to log in every time I access the  always open community tab. As for a different behavior, one time last week I was still logged in when I accessed my tab in the morning. That was the only time I've remained logged in more than a few hours.

 

Another thing I find interesting is I can leave the community and access my Hughes account using the link at the top. No problem. Sometimes when I come back to the community right away, I get kicked out to the login page. That seems bassackward.

GabeU
Distinguished Professor IV


@Liz wrote:

Hi folks,

 

Any new or different login/logout behaviors lately? I still have an open case with Lithium on this and asked for an update. Just wondering if this issue is still as persistent as when first reported. 


With Chrome, as long as I leave any window open, even a non Community window, I don't have to sign in again for quite some time when I go back to the.  I can be completely off the Community, then go back after an hour and I don't have to sign in, as long as I didn't close Chrome altogether.  I imagine there is an auto logoff for inactivity, so I have had to sign in again hours later, but that's expected.   If I close all of my Chrome windows, basically closing Chrome altogether, then immediately open a window and go to the Community, I am required to sign in again.   

 

With that said, I've actually gotten used to it and it doesn't bug me nearly as much as it did in the beginning. Of course, I guess you get used to anything after long enough. LOL. I actually went to the other Sat ISP's Community after weeks of having not been there and still didn't have to sign in. Of course, theirs is still a GetSat Community, but evidently they keep you signed in until something substantial changes with your browser, or until you actually sign out.

 

So, yes, it's still persisting.  

 

Edit:  Also, kind of related to what @GW said, even if I have a Community window open, if I go to the myAccount page to check anything, I have to sign in.  If I leave the myAccount page without signing out, I'm still signed into the Community, but if I sign out of the myAccount page, it also signs me out of the Community.  So, I have to sign in separately at both the Community and the myAccount page, but signing out of the myAccount page signs me out of both, even if I have a separate Community page open and signed in.  I can see the former, but the latter can get a little annoying.  Still, to be honest, I don't mind that they both require a sign in, even if connected.  I can see the safety in it.  

 

OK, thanks for the updates!

 


What I don't understand is why my avatar is showing in the upper right corner but I still have to sign in 😮  Now that's not the case ALL the time.  Sometimes I see the orange "sign in/register" link but most often my granddaughter's photo is there which I would assume means I'm logged in but if I try to post to the community, I still have to sign in.

@monicakm

I am the kind of person who finds this stuff very interesting, and your question of why your photo (avatar) shows up even when you still have to log in got me wondering. I decided to do some poking around to see why this occurs, spurred on by a lack of anything else to do tonight.

 

I found that the reason your avatar shows when you return to the site is due to the way these forums handle cookies. More specifically, how the cookies are handled between the Hughesnet community, Mixpanel, and Lithium. In case you don't know, Lithium is the company which makes the backbone/infrastructure of this community forum. (In my opinion Hughes made a great choice in going with their service.) Mixpanel is a business analytics company, which handles the... analytics. I'm not sure what gets sent to them, but to be honest I really don't care. I'm not interesting enough to be worth anything analytically.

 

This website is broken down into two main frames. The top blue bar (the one with the orange sign in button) is coming from header.hughesnet. The rest of the page is coming from community.hughesnet. It seems the header is shared amongst all hughesnet pages, while community is for these forums only.

 

Here is a screenshot of the cookies used while not logged in and navigating the community pages:

[Screenshot: While browsing before logging in]

 As you notice, I whited out the values of each cookie, as they contain personal information. I'm not entirely sure if the rest of what I whited out is personal, but I'm sticking to a better-safe-than-sorry mentality.

 

At the top there are two LiSESSIONID entries. These are both IDs unique to that browsing session. Those cookies are set to be deleted once you close the browser. They have nothing to do with login status. I have seen cookies used like this before, and they were simply used to make sure the content you request is sent to the correct person. The online game distributor Steam had an issue with this feature (not in cookie form, but the same general concept) where when people sent a request for the store page, they were sent someone else's store page, as if they were signed in as the other user. But since this value isn't used for login information, you could not affect the other user's information at all. (Tangent over...)

 

Then we have two LithiumVisitor entries. To be honest I have no idea what these are for. They are set to expire in 10 years, but are changed in the same manner as the LiSESSIONID entries. Someone smarter than me put them there for a reason, and I trust they know what they are doing. I'm going to put VISITOR_BEACON and lithiumLogin in the same boat, as they seem to operate the same way.

 

The last three entries are for Mixpanel, and appear to be sessionID entries for their own use. The second Mixpanel is the only entry which contains my login ID. These cookies are set to expire in a year, and they do persist across browser restarts. 

 

The following screen shot is after signing in: 

[Screenshot: While logged in]

 

As you can see, four cookies were created. _mpidentified, _uin,  _vsetting, and hughesLoggedIn. All four of these are boolean values (Yes/no or True/false). Interestingly, the first three either show a 1 or 0, and the hughesLoggedIn shows true. All four of these cookies are set as session cookies. 

 

Two additional cookies are created near the top. LithiumUserInfo and LithiumUserSecure. LithiumUserInfo seems to be your very own user ID number, as the value is the same amongst logins. That would make LithiumUserSecure a security key. This key is unique with each login, so you can't simply use someone else's cookie value in UserInfo to log in as them. Note that UserInfo is set to expire 2 hours after you log in, while the security token is session only and should be deleted when the browser is closed. That is why you have to log back in every 2 hours that you are on these forums!

 

At this point you may be wondering when I am going to answer the question of why the avatar stays on screen even when you restart the browser and are technically logged out. I promise that is coming soon!

 

This is the state of the cookies after closing Chrome and coming back to the community forums:

[Screenshot: After restarting browser]

 So what has happened? Not quite what is expected. The only session cookie which has been deleted is hughesLoggedIn. As far as the browser knows, we are still logged in to Lithium! None of those session cookies were deleted. 

 

If you look at the top right of every screenshot, you will see a red circle with an X and a number. That is the number of errors the website encountered. Under normal browsing I am getting 5 errors. These are all related to the page trying to communicate with Mixpanel. Something is broken there. Yet another reason you shouldn't be worried about the analytics. :) The extra 4 errors all point to redirect issues with Lithium. Lithium is refusing cross-origin requests. This is absolutely what should be happening, as the value being sent to Lithium for LithiumUserSecure (the security key) is not valid anymore!

 

So.. what is causing this? Why is the hughesLoggedIn cookie being deleted as intended but not the rest? 

 

It appears the hughesLoggedIn cookie is actually being deleted once you navigate back to this website, not when the browser is closed. It appears Hughesnet seems to check this value before you are even served the webpage. The header cookie is fixed in advance. This is why you can have your avatar show up under the orange sign in box!

 

At this point the browser knows it is not signed in to Hughesnet, which is why the hughesnet header is working properly. BUT the browser thinks it is signed in through the Lithium service, since the cookies are still there, which is why the rest of the page looks like you are still signed in. Once you click on another link (going to the Tech Support forums, for example) the remaining session cookies should be deleted, and your avatar will no longer show. Sometimes they aren't deleted for a while, and I have no way of knowing why.

 

 

Although this is just a graphical issue, I set out to find a solution.. and I found one! For Chrome, at least...

 

In your Chrome settings, near the top, there is a setting for 'On Startup'. If this value is set to 'Continue where you left off' the deletion of session cookies can be broken. If you go all the way to the bottom you can click "Show Advanced Settings".  Scroll to the bottom again.. under System there is a check box for "Continue running background apps when Google Chrome is closed". When this setting is enabled, Chrome never really 'closes'. There is a known issue (which is an old...old issue) that this setting interrupts the deletion of session cookies. I unchecked that box and when I restarted the browser and came back here the webpage looked like I had never signed in before. 

 

Your mileage may vary, though, as I tried this on two different computers and got two different results...

 

TL;DR: Cookies are the reason.
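As an added example that is not part of the original post: a small model of the cookie lifetimes described above, showing which cookies remain after a browser restart when session cookies are cleared normally and when the browser restores them. The cookie names and lifetimes come from the post; the header strings, values, `Path` attribute and function names are constructed for illustration.

```javascript
// Constructed Set-Cookie headers. Names and lifetimes follow the post;
// values and the Path attribute are placeholders.
const SAMPLE_HEADERS = [
  "LiSESSIONID=placeholder; Path=/",
  "LithiumVisitor=placeholder; Max-Age=315360000; Path=/", // about 10 years
  "LithiumUserInfo=placeholder; Max-Age=7200; Path=/", // 2 hours
  "LithiumUserSecure=placeholder; Path=/",
  "hughesLoggedIn=true; Path=/",
];

// Parse one Set-Cookie header; expiresAt === null marks a session cookie.
function parseSetCookie(header, nowMs) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), expiresAt: null };
  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1);
    if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = Number(val);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) expires = Date.parse(val);
  }
  // Max-Age takes precedence over Expires (RFC 6265).
  if (maxAge !== null) cookie.expiresAt = nowMs + maxAge * 1000;
  else if (expires !== null) cookie.expiresAt = expires;
  return cookie;
}

// Names still in the jar when the browser is reopened at restartMs.
// sessionRestored models a browser that keeps session cookies across a restart.
function afterRestart(jar, restartMs, sessionRestored) {
  return jar
    .filter((c) => (c.expiresAt === null ? sessionRestored : c.expiresAt > restartMs))
    .map((c) => c.name);
}

// All cookies are treated as set at time 0 (login).
const jar = SAMPLE_HEADERS.map((h) => parseSetCookie(h, 0));
console.log("normal restart after 15 s:", afterRestart(jar, 15000, false));
console.log("restored session after 15 s:", afterRestart(jar, 15000, true));
console.log("normal restart after 2 h:", afterRestart(jar, 7200001, false));
```

With session cookies restored, every cookie from the earlier login is still in the jar, which matches the post's third screenshot apart from hughesLoggedIn, which the post says is removed when the page is next loaded.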

maratsade
Distinguished Professor IV

@Matt_Is_My_Name, excellent post.