• Was the /today page the page you were on when you signed in?

  • Somebody tell @velocio I'm signed in via auth0 on Windows Phone 10 Edge browser

  • mdcc_tester has kindly just done that for you.

  • Signed in with Auth0 fine on chrome Version 52.0.2743.116, gmail account. However when I got to new page on the forum I'm logged out every time.

  • .

  • In IE11 if I click onto the "forums" tab I don't appear to be logged in (have the sign in option at the top rather than my aviator) but as soon as I click back to "following" or into a forum/thread its fine again.

  • it does now work, just signed in using my gmail account.
    using forum normally no issues..

  • i was on the "home" page as that is where i was automatically directed when i logged out of persona.

  • if i go to the today page right now i stay logged in, but if i go to the forums page it logs me out

  • correction, if i go to the forums page and it appears i am logged out, but if i then chose a forum i am logged in

  • Works on Chrome on my HTC Desire 626 running Android 6.0.1

    I have two Google accounts and it let me choose which one I wanted to sign in as.

    Less hassle & more familiar than Persona, which had a weird "sweep this arrow across the screen" display interface.

  • That looks like a browser caching thing

  • Also works on Chrome on my laptop.

  • insert clueless dog at keyboard meme each time I post on technical interwebsz chat threads

  • This is the gist of the known caching issue:

    The page on which you sign-in (whichever page that is), when visited after you have signed-in... the browser is serving from local cache and isn't going back to the server.

    Why? I do not know.

    It only affects the page on which you originally click the auth0 link, and then visits after the first successful one.

    So if you sign-in on / then / will always show you signed out (because it's giving you the page as it was when you were signed out).

    In Chrome developer tools, one gets the cryptic message "Provisional headers are shown" but this doesn't say how to solve it.

    I don't know how to force the browser to revalidate.

  • It may now be working without the caching issues.

  • I've tried on a few devices (desktop IE11, mobile FF v48) and it seems to work ok but I've got multiple verification codes in my inbox. Is this right? Does this mean that I'll have to access my email to get the verification code each time I log in?

  • If you are using the "email a code" option, then yes you'll need to enter the code.

    This shouldn't happen that frequently, when you've signed in I give you a cookie that lasts for a very long time.

    The code is instead of a password, basically.

  • The caching thing is fixed, but requires that you empty your browser cache to see the fix.

    If anyone is unsure how to do this and is definitely suffering from the issue, then clearing all browser data is a simple but rather brute force way of achieving it (it will sign you out of everything).

  • is the long lasting cookie like willie wonkas everlasting gobstopper?

  • Ok, thanks. I think cookies are cleared each time I log in/out at work which might explain it.

  • If that lasts until 2038, then yes.

  • Seems to work perfectly for me on desktop, iOS (both iPhone and iPad) and Android.

    I like the fact that the log in is an overlay rather than a new window. I found Persona's pop up a bit jarring.

    I hadn't heard of Auth0 before. Is this instead of Portier, the authentication system formerly known as Letsauth?

  • auth0 is a commercial thing, and it's fairly heavy as well as pricey.

    The cost:

    That's basically not far from the cost of our web servers for all sites. So it's definitely expensive.

    However they have a free plan if the number of "active users" is below 7k in a month... and so I figure that I can make each site owner register their own auth0 account, and this spreads the load, whilst leaving the site owners fully in control of their user lists, and it means it's free.

    But the second issue... the minified JavaScript is over 600KB. That's more than half a meg, for JS just to sign in.

    That's crazy.

    But hey, this all works, so it's a good plan B.

    Ah... plan B.

    Because Portier is still Plan A. I've configured auth0 to do what Portier will do, auth against Google and Microsoft, or send a code to your email.

    Portier is free, and there's no need to make it have a 600KB JS file.

    So Portier is behind schedule but free, and should work identically to the way auth0 is working (or near enough to not make a difference).

    Portier is in fact the preferred option as:

    • it is free
    • it is open source
    • it can be self-hosted
    • it will be lighter and quicker

    But the Plan B means:

    • I definitely have something in the bag for when Persona shuts
    • Sites like the Rapha Cycling Club can opt to integrate their auth0 into their real user database (sign into the shop, be automatically signed into the forum)
    • Sites that want it can opt to use auth0 instead of Portier (if they have low enough usage to be free or are cool with the cost)

    Basically... options, this gives us options.

  • minified JavaScript is over 600KB

    holy shit what is it doing?!

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

New login stuff, if your username changed and you need your email updating let me know

Posted by Avatar for Velocio @Velocio

Actions