Problems with attachments

[Martin Gühmann]

As I wanted to download an attachment, today. I had to log in although I was logged in. But it comes better: I have disabled the image view so that attached images are shown as links, in order to avoid some clicking I decided to reanable the image view. But once I opened a thread that contained an attached image it showed the line:

User XXX has attached this image:

then nothing no image even not a link. So that was in Mozilla 1.3 and Opera 6.04. Well Netscape 4.78 just shows a missing image image. Well in Netscape 4.78 I have a link that I can follow but again I have to relog in.

Well what is the problem Markos and when is it fixed?

-Martin

[Martin Gühmann]

I Forgot to mention that I don't use cookies.

-Martin

[ískallin]

I have had the same problem.

[MarkG]

use cookies or allow cokies from our site

[Martin Gühmann]

A good site has non cookie support. So is Apolyton a good site?

However I will disable this cookie junk again, I am tired of these click, do you want accept this and that cookie. So should I do it now forever to allow only the ones from Apolyton and never from other sites. So far I did not find the the option in Mozilla just allow cookies from the following sites. And actual there is no need for that if we only have good sites.

-Martin

[MarkG]

Quote:

A good site has non cookie support. So is Apolyton a good site?

no

[Kuciwalker]

A forum can't work without cookies. Don't complain.

[Ming]

Yeah... small price to pay for a great FREE gaming site

[Gramphos]

I'm not sure if just setting the brows forum with cookies to no will make it possible. I'm sure that having that setting to yes and not accept cookies will cause trouble.

[Rasbelin]

Okay, I'll test it in Opera 7.1 with cookies enabled and disable them for vB.

/me tests.

Tried to download a unit ZIP from the Civ III file forum, and I had no problems doing that,

Martin,

just enable the cookies or use a newer browser.

[FlameFlash]

I have a similar issue in Safari Beta, but since it's still in beta I don't complain... if it's overly important I just ask somebody to e-mail it to me.

In Safari I get the full php code of the download script in hex. I could probably find the actual URL somewhere with the file if I had the time to decode it all, but it's easier if you have problems just to PM somebody to send you the file via e-mail.

[Urban Ranger]

Quote:

Originally posted by skywalker A forum can't work without cookies.

You need the cookies to identify yourself as a member.

[ixnay]

If you disable cookie use on the forums, it will add

s=a;lsdkgjaskjfdhgafdkjhe4rGIBBERISH

to all the forums addresses to identify you as you browse around. Problem with this (that they had at Something Awful) is that if you post links with that in it is possible but difficult for someone to take that and acquire your password. There was a rash of people having their accounts stolen last year due to this.

[Urban Ranger]

Quote:

Originally posted by ixnay Problem with this (that they had at Something Awful) is that if you post links with that in it is possible but difficult for someone to take that and acquire your password. There was a rash of people having their accounts stolen last year due to this.

I am not sure about this, but it seems quite unlikely such a thing could happen. If it did, it's a problem with a specific program istead of using the http header to pass information.

[Skanky Burns]

Of course, when you post a link you could always edit out that bit. But then, you would need to know what you are doing.

Easier is just to let 'Poly use cookies. If you set it on a site basis, there is not much security risk.

[Immortal Wombat]

I let 'poly use cookies and I still get the s=gibberish. I edit it out whenever I link.

[Skanky Burns]

Are both your browser and Apolyton's control panel set to allow cookies?

[Urban Ranger]

You need to set your ACS options as well, otherwise it wouldn't know your browser accepts cookies from the site.

[Martin Gühmann]

Quote:

Originally posted by Asuka Okay, I'll test it in Opera 7.1 with cookies enabled and disable them for vB. * Asuka tests. Tried to download a unit ZIP from the Civ III file forum, and I had no problems doing that, Martin, just enable the cookies or use a newer browser.

No to cookies, I know browsing the internet is risky if you want to save your privacy, but you shouldn't make it easier then necessary. And for a newer browser I would say Mozilla 1.3 is a new browser and updating from Opera 7.03 is ... Well and I doubt it would help.

Quote:

Originally posted by ixnay If you disable cookie use on the forums, it will add s=a;lsdkgjaskjfdhgafdkjhe4rGIBBERISH to all the forums addresses to identify you as you browse around. Problem with this (that they had at Something Awful) is that if you post links with that in it is possible but difficult for someone to take that and acquire your password. There was a rash of people having their accounts stolen last year due to this.

That is not true also your IP number and browser is encoded in this hex number.

Quote:

Originally posted by skywalker A forum can't work without cookies. Don't complain.

That is not true, a forum can work without cookies. Or tell why there is the option in my profile to browse without cookies. Tell me why I can post without cookies.

Well if I hit the post reply button I can post without having to relogin. Also when I hit the new thread button or I click on the controll panel, search, members and on the forum quick links on the top of each forum page. So a forum without cookies is possible.

The only questions that is left is why I have to reloagin even if I am logged in, when I click on the edit link, on the reply with quote link, the userprofile link or if I just want to see an attached image?

Quote:

Originally posted by MarkG Quote: A good site has non cookie support. So is Apolyton a good site? no

Then make Apolyton better, it can't be so difficuilt to fix the links I mentioned above.

-Martin

[ixnay]

I'm just repeating what I remember was said on the Something Awful forums. Ask Lowtax what happened if you really care that much:

lowtax@somethingawful.com

And I don't see why you are so deadset against using cookies. You seem like you're just overly paranoid that using them will cause you to completely lose all of your privacy.

It's my opinion that the owners of sites shouldn't need to pander to people who can't be bothered to actually make easy upgrades or utilize non-harmful technology.

[Rasbelin]

Cookies weren't made evil. It's the evildoers who abuse them for their evil business, who make them an instrument for violating your privacy.

[VJ]

at MarkG's reply... that's something we should add to the quote database.

[Locutus]

Quote:

That is not true, a forum can work without cookies.

Ever tried to write your own forum software? Of course it can, but it's not easy to do.

Writing forum software without being able to use cookies is like writing SLIC without being able to use variables. Of course that would be perfectly possible, but I sure as hell am happy to be able to use variables...

If we had people working on the site full-time, I'm sure Markos wouldn't mind looking into it. But we all have lifes next to the time we spend on 'poly. And quite frankly, using the Internet without cookies is hopelessly out-of-date. I know few websites that offer personalized content and that don't use cookies...

[VJ]

Quote:

Martin Gühmann: "A good site has non cookie support. So is Apolyton a good site?" MarkG: "no"

Aah, you have a good taste when it comes to signatures, Asuka.

[Rasbelin]

Especially as the previous one included a quote by you.

[Urban Ranger]

Quote:

Originally posted by Martin Gühmann No to cookies, I know browsing the internet is risky if you want to save your privacy, but you shouldn't make it easier then necessary.

Cookies are just bits of persistent information saved by your browser to get around the stateless problem of HTTP. It's like a hammer. You can certainly bash somebody's head in with one.

Quote:

Originally posted by Martin Gühmann That is not true also your IP number and browser is encoded in this hex number.

Nitpick: it's not a hex number it is a character string. I also don't think the IP number is in there.

Quote:

Originally posted by Martin Gühmann That is not true, a forum can work without cookies. Or tell why there is the option in my profile to browse without cookies. Tell me why I can post without cookies.

Cookies or strings. Take your pick.

[Martin Gühmann]

Quote:

Originally posted by Urban Ranger Nitpick: it's not a hex number it is a character string. I also don't think the IP number is in there.

Yes finally it is a string, but it is interestingly that it only conatians these characters:

0123456789abcdef

And this is a hex number represented as string. Well if it does not contain my IP address then I wonder why I have to relogin when I got disconnected and I got another IP when I reconnect? What else could identify this.

Quote:

Originally posted by Urban Ranger Cookies or strings. Take your pick.

I take strings, these strings are not saved on my hard disk.

And now for the non cookies support request: I must say this is nothing impossible, for instance if I want to downlaod an attachment then the link does look like this:

http://apolyton.net/go.php?forums/attachment.php?s=&postid=1301962

You see the: s=

after this s= there should be the string. Well if I visit Civfanatics or the vBulletin 3.0.0 Beta 2 board then there is the string behind the s=. So I don't request something impossible. Well looks like an vBulletin issure, as Civfanatics uses vBulletin Version 2.2.6. Possibly upgrading the board would be also an antiserver-load meassure.

[Gramphos]

Quote:

Originally posted by Martin Gühmann Yes finally it is a string, but it is interestingly that it only conatians these characters: 0123456789abcdef

Ever heard of Hexadecimal numbers? (h, well reading on shows that you have )

Quote:

And this is a hex number represented as string. Well if it does not contain my IP address then I wonder why I have to relogin when I got disconnected and I got another IP when I reconnect? What else could identify this.

Actually it's a unique number generated by an algorithm (MD5 IIRC) based on the time when yuo got to the site for this session IIRC.
It's stored on Poly for a time (session timeout or until you logout) together with your IP to identify you.
Which mean that the IP and the session string has to match for you to stay logged in. (The session hash on the directory is not matched to IP, so they are easier to use to steal someones account)

Quote:

I take strings, these strings are not saved on my hard disk.

As most browsers keeps track of recently visited URLs they are stored, unless you disable that too.