HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Jsconnect vanilla 2.x session timeouts whoops

We have a integrated forum on subdomain forum.domain. when people's sessions expire (phone browsers or long inactivity) they get whoops page instead of login page anyone have any pointers? The sign page is correct https://domain.com/login

Also we are working to move to 3.x can anyone comment on jsconnect or SSO integration in that version

Thanks

Eric

Tagged:

Comments

  • I am using jsconnect in latest 3.x - works marvelously - good job tot he developers!

    Look in your browser inspector/devtools for errors... and post back here

  • https://forums.domain.com/entry/jsconnect/error. is the only clue ..... I dont see anything in Console

  • If I click Main Discussions .... they pop up fine so its possibly a 2 fold issue ..... clearly my Session expired (I left the window open a couple hours) and clicked forum resulting in Whoops jsconnect error ..... cause if your not logged in you cant access the /auth/vanilla but if they hit Recent Discussions in the header it thinks they are logged in .....

    Thats a problem ..... what if kick a person out set their status to "out" ........ they can still access the forum????? How do I prevent them from accessing the forum ..... SSO/Jsconnect should not allow access if the main site session is expired or their status is disabled

  • This is a Motorcycle Club we cant have uninvited guests or people we throw out accessing our stuff

Sign In or Register to comment.