Subject: How logging in to post SHOULD work
From: Retro Guy
Newsgroups: rocksolid.nodes.help
Organization: Rocksolid Light
Date: Mon, 15 Jul 2024 13:09 UTC
Message-ID: <7411efabcff30437848aa7150041240c@www.novabbs.org>

Here's how this is supposed to work. I've recently made some fixes so
hopefully this is correct.

When you click Post or Reply, the post page comes up and includes your
username/password prompts. If you are not logged in, you can edit these
prompts. If you are logged in, they are not editable (password always
shows as asterisks and it's not actually saved anywhere. The server
never knows your password).

Staying logged in requires cookies and JavaScript. Otherwise, you just need
to authenticate for each post. You can still post without JavaScript or
cookies.

Knowing if you are logged in (the server knowing) is based on whether
you have passed the username/password check, of course, then the server
maintains that you are logged in for a while (and sets some cookies).

This "while" is based on auto-rotating keys that rotate every 4-8 hours,
so you can be considered NOT logged in after 4-8 hours. If the keys are
still OK (checked on server vs. cookies), your cookies are checked that
they match some hashes of some server-side account info per user (in
addition to keys). Lastly, your IP address is checked to see if it has
changed. If your IP address changes, you must re-authenticate.

That is how it is meant to work. If it does not, please let me know what
happens and I'll continue to try to improve it.

--
Retro Guy
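
The check order described in the post above (rotating key, then per-user account hash, then IP address), as an added example that is not part of the original post and is not Rocksolid Light's code. The cookie names, the HMAC-SHA256 construction and the sample account data are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class LoginState:
    """Stay-logged-in check: rotating key, per-user account hash, IP binding."""

    def __init__(self, accounts):
        # username -> server-side account info (constructed sample bytes)
        self.accounts = accounts
        self.key = secrets.token_bytes(32)

    def rotate_key(self):
        """Run from a timer (every 4-8 hours in the post); old cookies stop verifying."""
        self.key = secrets.token_bytes(32)

    def _mac(self, *parts):
        # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
        msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, user, ip):
        """Call only after the username/password check has passed."""
        u = user.encode()
        return {
            "user": user,
            "key": self._mac(b"key", u),
            "acct": self._mac(b"acct", u, self.accounts[user]),
            "ip": self._mac(b"ip", u, ip.encode()),
        }

    def check(self, cookies, ip):
        """Return 'ok' or the reason the user must re-authenticate."""
        user = cookies.get("user", "")
        if user not in self.accounts:
            return "no-session"
        u = user.encode()
        expected = [  # same order as the post: keys, account hashes, IP
            ("key-mismatch", "key", self._mac(b"key", u)),
            ("account-changed", "acct", self._mac(b"acct", u, self.accounts[user])),
            ("ip-changed", "ip", self._mac(b"ip", u, ip.encode())),
        ]
        for reason, name, want in expected:
            # Constant-time compare so a cookie cannot be guessed byte by byte.
            if not hmac.compare_digest(cookies.get(name, "").encode(), want.encode()):
                return reason
        return "ok"
```

Because every cookie value is keyed with the current server key, a key rotation invalidates all outstanding sessions at once without the server keeping a session table.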
