Re: [sr #110439] Cannot login...

[Bob Proulx]

Hello Andy,

Andy Stewart wrote:
> I found the email, but when I click the link, there is a message on the
> webpage:  Invalid Confirmation Hash

I am very happy that you are able to receive the email!  That's
something anyway.

> I went to the Savannah website, requested another lost password hash, which
> arrived via email almost immediately, and clicked it.  After resetting my
> password and logging in, on the left of the web page, it still says "Not
> Logged In".  There is no indication that my login was successful.

This worries me that somewhere along the way on your client side of
things something is getting "wonky".  Either your web browser, a
plugin to your web browser, or possibly something in the middle
between though with https that should be less likely.

> An indication that the system believes I'm not logged in occurs when I try
> to change my email address.  On the "People at Savannah: Andy Stewart
> Profile" page, it says, "You could send a message if you were logged in."
> 
> I'm trying to change my email address, which on Savannah is "unavailable",
> to "kb1oiq@arrl.net", so far, to no avail.
> 
> Your continued help will be very much appreciated.  Thanks!

A possible reason for the "not logged in" status is if cookies are
disabled.  Or if the write storage for cookies is read only.  Or if a
browser plugin is destroying cookies out of a misplaced sense of
increased privacy.  Some gremlin has eaten your cookies!  While
cookies have been a source of abuse on the net cookies are also the
best and primary method to create login sessions on web sites.  I
think something in your cookie storage is really broken and that is
causing problems.  Otherwise after you logged in the cookies would
identify you and the site would show that you were logged in.

Back before https I would sometimes see problems due to MITM
Man-In-The-Middle corporate http proxies that were broken and mangling
the protocol.  I remember debugging to root cause two different ones
very clearly.  But now with https this is much less likely.  Now it
requires willing participation by installing MITM https certificate
CAs to enable this.  But I note that some less than well thought out
anti-virus programs have been caught doing this.  And some less than
well thought out plans by governments have tried to require this.  So
while this is very unlikely I can't say as an absolute that the
problem of MITM proxies mangling the protocol is completey gone when
using https.  But it is unlikely now in the typical case.  Very
unlikely.

Do you have another computer available?  Can you log in with that
other system and update your settings as you desire?  Because
initially I am really suspecting something "wonky" about your main
setup there.  And I am pretty sure that if you were to go to a
different system that there would be no trouble.

Bob